Recent vulnerabilities


Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
ghsa-59r8-jcm7-vx66 In the Linux kernel, the following vulnerability has been resolved: ARM: fix cacheflush with PAN … 2024-12-04T15:31:52Z 2024-12-11T18:30:39Z
ghsa-3q5q-j6r6-cgv8 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Handle dml al… 2024-12-04T15:31:52Z 2024-12-11T18:30:39Z
ghsa-33rw-2cg2-2mpc In the Linux kernel, the following vulnerability has been resolved: mm: revert "mm: shmem: fix dat… 2024-12-04T15:31:52Z 2024-12-11T18:30:39Z
ghsa-x5rh-6m69-mwg4 JFinal CMS 5.1.0 is vulnerable to Command Execution via unauthorized execution of deserialization i… 2024-12-02T21:31:20Z 2024-12-11T18:30:38Z
ghsa-623v-cr64-76w9 In the Linux kernel, the following vulnerability has been resolved: vdpa: solidrun: Fix UB bug wit… 2024-12-04T15:31:52Z 2024-12-11T18:30:38Z
ghsa-5cwm-fg2p-g6pp In the Linux kernel, the following vulnerability has been resolved: Revert "mmc: dw_mmc: Fix IDMAC… 2024-12-04T15:31:52Z 2024-12-11T18:30:38Z
ghsa-rhx4-7vf5-j6rw In the Linux kernel, the following vulnerability has been resolved: ice: fix memleak in ice_init_t… 2024-11-08T06:30:48Z 2024-12-11T18:30:37Z
ghsa-639p-pgpg-5qr5 In the Linux kernel, the following vulnerability has been resolved: ext4: don't set SB_RDONLY afte… 2024-11-08T06:30:49Z 2024-12-11T18:30:37Z
ghsa-x52v-qr6m-xx85 In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: avoid a use-after… 2024-05-21T15:31:38Z 2024-12-11T18:30:36Z
ghsa-w2hj-8f47-3gw5 In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix potential … 2024-03-03T00:30:32Z 2024-12-11T18:30:36Z
ghsa-rj62-x3fp-f44h In the Linux kernel, the following vulnerability has been resolved: cifs: Fix UAF in cifs_demultip… 2024-03-03T00:30:32Z 2024-12-11T18:30:36Z
ghsa-r5mq-jg2w-g597 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Ignore too large ha… 2024-07-30T09:32:01Z 2024-12-11T18:30:36Z
ghsa-mxqg-3qg8-9qfj In the Linux kernel, the following vulnerability has been resolved: x86/sgx: Resolves SECS reclaim… 2024-03-03T00:30:32Z 2024-12-11T18:30:36Z
ghsa-jv48-qx8c-4x4f In the Linux kernel, the following vulnerability has been resolved: virtio-pci: Check if is_avq is… 2024-07-30T09:32:02Z 2024-12-11T18:30:36Z
ghsa-hmvg-cx6j-hfj7 In the Linux kernel, the following vulnerability has been resolved: tomoyo: fix UAF write bug in t… 2024-03-04T09:30:29Z 2024-12-11T18:30:36Z
ghsa-h234-f9wp-jpmr In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc75xx: Fix uninit… 2024-03-03T00:30:32Z 2024-12-11T18:30:36Z
ghsa-85v9-53x3-q4xp In the Linux kernel, the following vulnerability has been resolved: dccp: fix dccp_v4_err()/dccp_v… 2024-03-03T00:30:32Z 2024-12-11T18:30:36Z
ghsa-6fvx-97p6-hw44 In the Linux kernel, the following vulnerability has been resolved: bluetooth/hci: disallow settin… 2024-07-30T09:32:01Z 2024-12-11T18:30:36Z
ghsa-68m6-x9cq-fjwx In the Linux kernel, the following vulnerability has been resolved: serial: 8250_port: Check IRQ d… 2024-03-03T00:30:32Z 2024-12-11T18:30:36Z
ghsa-4jr3-hwqp-2vq3 In the Linux kernel, the following vulnerability has been resolved: dma-debug: don't call __dma_en… 2024-03-03T00:30:31Z 2024-12-11T18:30:36Z
ghsa-3jh7-wc4v-w78v In the Linux kernel, the following vulnerability has been resolved: net: bridge: use DEV_STATS_INC… 2024-03-03T00:30:32Z 2024-12-11T18:30:36Z
ghsa-x2cj-cp2c-fxvp An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory co… 2023-06-19T12:30:21Z 2024-12-11T18:30:35Z
ghsa-qfxp-cg32-f2jj In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix crash in ql… 2024-02-27T21:31:27Z 2024-12-11T18:30:35Z
ghsa-9mhh-v2w9-x3xj In the Linux kernel, the following vulnerability has been resolved: RDMA/srp: Do not call scsi_don… 2024-03-03T00:30:31Z 2024-12-11T18:30:35Z
ghsa-9hx5-6xv8-6w7c In the Linux kernel, the following vulnerability has been resolved: media: aspeed: fix clock handl… 2024-02-28T09:30:36Z 2024-12-11T18:30:35Z
ghsa-x486-v4r3-8xm3 IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive inform… 2024-12-11T15:31:16Z 2024-12-11T15:31:16Z
ghsa-w6fv-cg9x-p5jx SQL injection vulnerability in JEPAAS7.2.8, via /je/rbac/rbac/loadLoginCount in the dateVal paramet… 2024-12-10T21:30:53Z 2024-12-11T15:31:16Z
ghsa-v8rw-4jh7-4cx9 TP-Link TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 was discovered to transmit user credent… 2024-12-10T21:30:52Z 2024-12-11T15:31:16Z
ghsa-r79x-wgrg-2v77 In the Linux kernel, the following vulnerability has been resolved: dm cache: fix flushing uniniti… 2024-11-19T03:31:08Z 2024-12-11T15:31:16Z
ghsa-px72-8g3v-62xm Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and ea… 2024-12-10T21:30:52Z 2024-12-11T15:31:16Z
Vulnerabilities are sorted by update time (recent to old).
ID CVSS Description Vendor Product Published Updated
cve-2024-44241 N/A The issue was addressed with improved bounds chec… Apple
 iOS and iPadOS
 2024-12-11T22:58:58.623Z 2024-12-11T22:58:58.623Z
cve-2024-54514 N/A The issue was addressed with improved checks. Thi… Apple
 tvOS
 2024-12-11T22:58:54.477Z 2024-12-11T22:58:54.477Z
cve-2024-54502 N/A The issue was addressed with improved checks. Thi… Apple
 tvOS
 2024-12-11T22:58:51.903Z 2024-12-11T22:58:51.903Z
cve-2024-54471 N/A This issue was addressed with additional entitlem… Apple
 macOS
 2024-12-11T22:58:43.395Z 2024-12-11T22:58:43.395Z
cve-2024-54534 N/A The issue was addressed with improved memory hand… Apple
 tvOS
 2024-12-11T22:58:39.974Z 2024-12-11T22:58:39.974Z
cve-2024-44220 N/A The issue was addressed with improved memory hand… Apple
 macOS
 2024-12-11T22:58:38.648Z 2024-12-11T22:58:38.648Z
cve-2024-54505 N/A A type confusion issue was addressed with improve… Apple
 tvOS
 2024-12-11T22:58:31.052Z 2024-12-11T22:58:31.052Z
cve-2024-54513 N/A A permissions issue was addressed with additional… Apple
 tvOS
 2024-12-11T22:58:27.901Z 2024-12-11T22:58:27.901Z
cve-2024-44246 N/A The issue was addressed with improved routing of … Apple
 macOS
 2024-12-11T22:58:24.725Z 2024-12-11T22:58:24.725Z
cve-2024-54495 N/A The issue was addressed with improved permissions… Apple
 macOS
 2024-12-11T22:58:23.672Z 2024-12-11T22:58:23.672Z
cve-2024-54529 N/A A logic issue was addressed with improved checks.… Apple
 macOS
 2024-12-11T22:58:22.673Z 2024-12-11T22:58:22.673Z
cve-2024-54476 N/A The issue was addressed with improved checks. Thi… Apple
 macOS
 2024-12-11T22:58:21.651Z 2024-12-11T22:58:21.651Z
cve-2024-54524 N/A A logic issue was addressed with improved file ha… Apple
 macOS
 2024-12-11T22:58:18.519Z 2024-12-11T22:58:18.519Z
cve-2024-54477 N/A The issue was addressed with improved checks. Thi… Apple
 macOS
 2024-12-11T22:58:17.804Z 2024-12-11T22:58:17.804Z
cve-2024-54498 N/A A path handling issue was addressed with improved… Apple
 macOS
 2024-12-11T22:58:15.810Z 2024-12-11T22:58:15.810Z
cve-2024-54508 N/A The issue was addressed with improved memory hand… Apple
 tvOS
 2024-12-11T22:58:14.487Z 2024-12-11T22:58:14.487Z
cve-2024-54528 N/A A logic issue was addressed with improved restric… Apple
 macOS
 2024-12-11T22:58:12.397Z 2024-12-11T22:58:12.397Z
cve-2024-54494 N/A A race condition was addressed with additional va… Apple
 tvOS
 2024-12-11T22:58:11.683Z 2024-12-11T22:58:11.683Z
cve-2024-54504 N/A A privacy issue was addressed with improved priva… Apple
 macOS
 2024-12-11T22:58:07.540Z 2024-12-11T22:58:07.540Z
cve-2024-44291 N/A A logic issue was addressed with improved file ha… Apple
 macOS
 2024-12-11T22:58:06.543Z 2024-12-11T22:58:06.543Z
cve-2024-54527 N/A This issue was addressed with improved checks. Th… Apple
 tvOS
 2024-12-11T22:58:05.841Z 2024-12-11T22:58:05.841Z
cve-2024-44248 N/A This issue was addressed through improved state m… Apple
 macOS
 2024-12-11T22:58:04.792Z 2024-12-11T22:58:04.792Z
cve-2024-54531 N/A The issue was addressed with improved memory hand… Apple
 macOS
 2024-12-11T22:58:03.592Z 2024-12-11T22:58:03.592Z
cve-2024-54474 N/A The issue was addressed with improved checks. Thi… Apple
 macOS
 2024-12-11T22:58:00.449Z 2024-12-11T22:58:00.449Z
cve-2024-44225 N/A A logic issue was addressed with improved checks.… Apple
 tvOS
 2024-12-11T22:57:54.965Z 2024-12-11T22:57:54.965Z
cve-2024-44224 N/A A permissions issue was addressed with additional… Apple
 macOS
 2024-12-11T22:57:54.232Z 2024-12-11T22:57:54.232Z
cve-2024-54526 N/A The issue was addressed with improved checks. Thi… Apple
 tvOS
 2024-12-11T22:57:51.016Z 2024-12-11T22:57:51.016Z
cve-2024-44290 N/A This issue was addressed with improved redaction … Apple
 watchOS
 2024-12-11T22:57:50.012Z 2024-12-11T22:57:50.012Z
cve-2024-54506 N/A An out-of-bounds access issue was addressed with … Apple
 macOS
 2024-12-11T22:57:49.318Z 2024-12-11T22:57:49.318Z
cve-2024-54510 N/A A race condition was addressed with improved lock… Apple
 tvOS
 2024-12-11T22:57:39.157Z 2024-12-11T22:57:39.157Z
Vulnerabilities are sorted by update time (recent to old).
ID CVSS Description Vendor Product Published Updated
cve-2024-49126 8.1 (v3.1) Windows Local Security Authority Subsystem Service (LS… Microsoft
 Windows 10 Version 1809
 2024-12-10T17:49:26.647Z 2024-12-12T00:47:18.238Z
cve-2024-49125 8.8 (v3.1) Windows Routing and Remote Access Service (RRAS) Remot… Microsoft
 Windows Server 2019
 2024-12-10T17:49:26.118Z 2024-12-12T00:47:17.674Z
cve-2024-49124 8.1 (v3.1) Lightweight Directory Access Protocol (LDAP) Client Re… Microsoft
 Windows 10 Version 1809
 2024-12-10T17:49:25.530Z 2024-12-12T00:47:17.079Z
cve-2024-49123 8.1 (v3.1) Windows Remote Desktop Services Remote Code Execution … Microsoft
 Windows 10 Version 1809
 2024-12-10T17:49:24.913Z 2024-12-12T00:47:16.568Z
cve-2024-49122 8.1 (v3.1) Microsoft Message Queuing (MSMQ) Remote Code Execution… Microsoft
 Windows 10 Version 1809
 2024-12-10T17:49:24.325Z 2024-12-12T00:47:15.949Z
cve-2024-49121 7.5 (v3.1) Windows Lightweight Directory Access Protocol (LDAP) D… Microsoft
 Windows 10 Version 1809
 2024-12-10T17:49:23.739Z 2024-12-12T00:47:15.394Z
cve-2024-49120 8.1 (v3.1) Windows Remote Desktop Services Remote Code Execution … Microsoft
 Windows Server 2019
 2024-12-10T17:49:23.239Z 2024-12-12T00:47:14.801Z
cve-2024-49119 8.1 (v3.1) Windows Remote Desktop Services Remote Code Execution … Microsoft
 Windows Server 2019
 2024-12-10T17:49:22.782Z 2024-12-12T00:47:14.260Z
cve-2024-49118 8.1 (v3.1) Microsoft Message Queuing (MSMQ) Remote Code Execution… Microsoft
 Windows 10 Version 1809
 2024-12-10T17:49:46.808Z 2024-12-12T00:47:31.046Z
cve-2024-49117 8.8 (v3.1) Windows Hyper-V Remote Code Execution Vulnerability Microsoft
 Windows Server 2022
 2024-12-10T17:49:22.184Z 2024-12-12T00:47:13.795Z
cve-2024-49116 8.1 (v3.1) Windows Remote Desktop Services Remote Code Execution … Microsoft
 Windows Server 2019
 2024-12-10T17:49:46.366Z 2024-12-12T00:47:30.555Z
cve-2024-49115 8.1 (v3.1) Windows Remote Desktop Services Remote Code Execution … Microsoft
 Windows Server 2019
 2024-12-10T17:49:21.638Z 2024-12-12T00:47:13.201Z
cve-2024-49114 7.8 (v3.1) Windows Cloud Files Mini Filter Driver Elevation of Pr… Microsoft
 Windows 10 Version 1809
 2024-12-10T17:49:45.853Z 2024-12-12T00:47:30.127Z
cve-2024-49113 7.5 (v3.1) Windows Lightweight Directory Access Protocol (LDAP) D… Microsoft
 Windows 10 Version 1809
 2024-12-10T17:49:45.354Z 2024-12-12T00:47:29.589Z
cve-2024-49112 9.8 (v3.1) Windows Lightweight Directory Access Protocol (LDAP) R… Microsoft
 Windows 10 Version 1809
 2024-12-10T17:49:44.679Z 2024-12-12T00:47:34.031Z
cve-2024-49111 6.6 (v3.1) Wireless Wide Area Network Service (WwanSvc) Elevation… Microsoft
 Windows 10 Version 1809
 2024-12-10T17:49:21.121Z 2024-12-12T00:47:12.441Z
cve-2024-49110 6.8 (v3.1) Windows Mobile Broadband Driver Elevation of Privilege… Microsoft
 Windows 10 Version 1809
 2024-12-10T17:49:44.052Z 2024-12-12T00:47:29.076Z
cve-2024-49109 6.6 (v3.1) Wireless Wide Area Network Service (WwanSvc) Elevation… Microsoft
 Windows 10 Version 1809
 2024-12-10T17:49:43.471Z 2024-12-12T00:47:28.503Z
cve-2024-49108 8.1 (v3.1) Windows Remote Desktop Services Remote Code Execution … Microsoft
 Windows Server 2019
 2024-12-10T17:49:20.444Z 2024-12-12T00:47:11.869Z
cve-2024-49107 7.3 (v3.1) WmsRepair Service Elevation of Privilege Vulnerability Microsoft
 Windows 10 Version 1809
 2024-12-10T17:49:19.766Z 2024-12-12T00:47:11.300Z
cve-2024-49106 8.1 (v3.1) Windows Remote Desktop Services Remote Code Execution … Microsoft
 Windows Server 2019
 2024-12-10T17:49:19.249Z 2024-12-12T00:47:10.752Z
cve-2024-49105 8.4 (v3.1) Remote Desktop Client Remote Code Execution Vulnerability Microsoft
 Windows 10 Version 1809
 2024-12-10T20:06:24.955Z 2024-12-12T00:47:33.517Z
cve-2024-49104 8.8 (v3.1) Windows Routing and Remote Access Service (RRAS) Remot… Microsoft
 Windows 10 Version 1809
 2024-12-10T17:49:18.597Z 2024-12-12T00:47:10.271Z
cve-2024-49103 4.3 (v3.1) Windows Wireless Wide Area Network Service (WwanSvc) I… Microsoft
 Windows 10 Version 1809
 2024-12-10T17:49:18.053Z 2024-12-12T00:47:09.748Z
cve-2024-49102 8.8 (v3.1) Windows Routing and Remote Access Service (RRAS) Remot… Microsoft
 Windows 10 Version 1809
 2024-12-10T17:49:17.421Z 2024-12-12T00:47:08.656Z
cve-2024-49101 6.6 (v3.1) Wireless Wide Area Network Service (WwanSvc) Elevation… Microsoft
 Windows 10 Version 1809
 2024-12-10T17:49:16.795Z 2024-12-12T00:47:08.040Z
cve-2024-49099 4.3 (v3.1) Windows Wireless Wide Area Network Service (WwanSvc) I… Microsoft
 Windows 10 Version 1809
 2024-12-10T17:49:16.204Z 2024-12-12T00:47:07.463Z
cve-2024-49098 4.3 (v3.1) Windows Wireless Wide Area Network Service (WwanSvc) I… Microsoft
 Windows 10 Version 1809
 2024-12-10T17:49:15.538Z 2024-12-12T00:47:07.016Z
cve-2024-49097 7 (v3.1) Windows PrintWorkflowUserSvc Elevation of Privilege Vu… Microsoft
 Windows 10 Version 1809
 2024-12-10T17:49:15.025Z 2024-12-12T00:47:06.511Z
cve-2024-49096 7.5 (v3.1) Microsoft Message Queuing (MSMQ) Denial of Service Vul… Microsoft
 Windows 10 Version 1809
 2024-12-10T17:49:14.446Z 2024-12-12T00:47:06.063Z
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
pysec-2022-43176 The Zibal package in PyPI v1.0.0 was discovered to contain a code execution backdoor. This vulnerab… 2022-06-24T21:15:00Z 2024-11-21T14:23:03.404044Z
pysec-2022-43175 Drag and Drop XBlock v2 implements a drag-and-drop style problem, where a learner has to drag items… 2022-11-28T21:15:00+00:00 2024-11-21T14:23:03.352390+00:00
pysec-2022-43173 The wikifaces package in PyPI v1.0 included a code execution backdoor inserted by a third party. 2022-07-22T15:15:00Z 2024-11-21T14:23:03.244154Z
pysec-2019-256 In libwebp 0.5.1, there is a double free bug in libwebpmux. 2019-05-23T18:29:00Z 2024-11-21T14:23:03.194401Z
pysec-2022-43172 The Watertools package in PyPI v0.0.0 was discovered to contain a code execution backdoor via the r… 2022-06-24T21:15:00Z 2024-11-21T14:23:03.143453Z
pysec-2024-151 Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Vyper compiler allows… 2024-01-30T21:15:00+00:00 2024-11-21T14:23:03.091183+00:00
pysec-2024-150 Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. Arrays can be keyed b… 2024-02-07T17:15:00+00:00 2024-11-21T14:23:03.024978+00:00
pysec-2024-149 Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.10 an… 2024-02-01T17:15:00+00:00 2024-11-21T14:23:02.970591+00:00
pysec-2024-148 Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. When calls to externa… 2024-02-02T17:15:00+00:00 2024-11-21T14:23:02.917464+00:00
pysec-2024-147 Vyper is a Pythonic Smart Contract Language for the EVM. There is an error in the stack management … 2024-02-05T21:15:00+00:00 2024-11-21T14:23:02.864019+00:00
pysec-2023-307 Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Contracts conta… 2023-12-13T20:15:00+00:00 2024-11-21T14:23:02.808922+00:00
pysec-2023-306 Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). In version 0.3.… 2023-09-18T21:16:00+00:00 2024-11-21T14:23:02.752932+00:00
pysec-2023-305 Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Starting in ver… 2023-09-18T21:16:00+00:00 2024-11-21T14:23:02.698147+00:00
pysec-2023-304 vantage6 is a framework to manage and deploy privacy enhancing technologies like Federated Learning… 2023-11-14T21:15:00+00:00 2024-11-21T14:23:02.641254+00:00
pysec-2023-303 vantage6 is a framework to manage and deploy privacy enhancing technologies like Federated Learning… 2023-11-14T21:15:00+00:00 2024-11-21T14:23:02.574095+00:00
pysec-2022-43171 An XML Entity Expansion (XEE) issue was discovered in Tryton Application Platform (Server) 5.x thro… 2022-03-10T17:47:00+00:00 2024-11-21T14:23:02.453983+00:00
pysec-2022-43170 An XXE issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through… 2022-03-10T17:47:00+00:00 2024-11-21T14:23:02.248212+00:00
pysec-2016-41 file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, an… 2016-09-07T19:28:00+00:00 2024-11-21T14:23:02.083165+00:00
pysec-2016-40 Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x bef… 2016-09-07T19:28:00+00:00 2024-11-21T14:23:02.008255+00:00
pysec-2023-301 Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36. 2023-12-20T17:15:00+00:00 2024-11-21T14:23:01.933055+00:00
pysec-2023-300 Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36. 2023-12-19T13:15:00+00:00 2024-11-21T14:23:01.871022+00:00
pysec-2023-299 Insecure Temporary File in GitHub repository huggingface/transformers prior to 4.30.0. 2023-05-18T17:15:00+00:00 2024-11-21T14:23:01.805729+00:00
pysec-2022-43169 The Togglee package in PyPI version v0.0.8 was discovered to contain a code execution backdoor. Thi… 2022-06-24T21:15:00Z 2024-11-21T14:23:01.740031Z
pysec-2016-39 An exploitable out-of-bounds array access vulnerability exists in the xrow_header_decode function o… 2016-12-23T22:59:00Z 2024-11-21T14:23:01.531112Z
pysec-2019-253 Tahoe-LAFS 1.9.0 fails to ensure integrity which allows remote attackers to corrupt mutable files o… 2019-11-07T18:15:00Z 2024-11-21T14:23:01.477737Z
pysec-2022-43167 Selenium Server (Grid) before 4 allows CSRF because it permits non-JSON content types such as appli… 2022-04-19T03:15:00+00:00 2024-11-21T14:23:01.289420+00:00
pysec-2022-43165 The Scoptrial package in PyPI version v0.0.5 was discovered to contain a code execution backdoor vi… 2022-06-24T21:15:00Z 2024-11-21T14:23:01.181819Z
pysec-2022-43164 The Rondolu-YT-Concate package in PyPI v0.1.0 was discovered to contain a code execution backdoor. … 2022-06-24T21:15:00Z 2024-11-21T14:23:00.996865Z
pysec-2023-297 A path traversal vulnerability has been detected in Repox, which allows an attacker to read arbitra… 2023-12-13T10:15:00Z 2024-11-21T14:23:00.892241Z
pysec-2023-296 An XEE vulnerability has been found in Repox, which allows a remote attacker to interfere with the … 2023-12-13T10:15:00Z 2024-11-21T14:23:00.841929Z
Vulnerabilities are sorted by update time (recent to old).
ID Description
gsd-2024-33822 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33773 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33769 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33794 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33818 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33793 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33833 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33835 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33744 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33789 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33760 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33702 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33797 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33684 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33827 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33810 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33729 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33807 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33688 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33685 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33713 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33768 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33720 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33809 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33727 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33770 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33732 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33829 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33714 The format of the source doesn't require a description, click on the link for more details
gsd-2024-33693 The format of the source doesn't require a description, click on the link for more details
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
mal-2024-11131 Malicious code in communication-bridge (npm) 2024-11-29T06:09:11Z 2024-11-29T06:09:16Z
mal-2024-11142 Malicious code in flutter-angular-bridge (npm) 2024-11-29T06:09:11Z 2024-11-29T06:09:11Z
mal-2024-11154 Malicious code in safeness-backup (npm) 2024-11-29T06:04:40Z 2024-11-29T06:04:45Z
mal-2024-11155 Malicious code in safeness-sb (npm) 2024-11-29T06:04:40Z 2024-11-29T06:04:41Z
mal-2024-11129 Malicious code in all-dl-404 (npm) 2024-11-29T04:11:22Z 2024-11-29T04:11:23Z
mal-2024-11153 Malicious code in rudije (npm) 2024-11-29T04:05:42Z 2024-11-29T04:05:47Z
mal-2024-11139 Malicious code in enimoka (npm) 2024-11-29T04:05:42Z 2024-11-29T04:05:47Z
mal-2024-11135 Malicious code in cussionsbp (npm) 2024-11-29T04:05:42Z 2024-11-29T04:05:47Z
mal-2024-11130 Malicious code in citiycar (npm) 2024-11-29T04:05:42Z 2024-11-29T04:05:47Z
mal-2024-11149 Malicious code in noirxnodemailer (npm) 2024-11-29T04:05:42Z 2024-11-29T04:05:42Z
mal-2024-11147 Malicious code in nayan-server (npm) 2024-11-29T03:37:46Z 2024-11-29T03:37:46Z
mal-2024-11146 Malicious code in nayan-media-downloader (npm) 2024-11-29T03:37:46Z 2024-11-29T03:37:46Z
mal-2024-11145 Malicious code in n-hub (npm) 2024-11-29T03:37:46Z 2024-11-29T03:37:46Z
mal-2024-11144 Malicious code in imgur-upload-api (npm) 2024-11-29T03:37:46Z 2024-11-29T03:37:46Z
mal-2024-11134 Malicious code in crypto-keccak (npm) 2024-11-29T03:32:40Z 2024-11-29T03:32:40Z
mal-2024-11133 Malicious code in crypto-jsonwebtoken (npm) 2024-11-29T03:32:40Z 2024-11-29T03:32:40Z
mal-2024-11132 Malicious code in crypto-bignumber (npm) 2024-11-29T03:32:40Z 2024-11-29T03:32:40Z
mal-2024-11143 Malicious code in http-proxi-cache (npm) 2024-11-29T03:24:58Z 2024-11-29T03:24:58Z
mal-2024-11156 Malicious code in smtp2go (npm) 2024-11-29T01:38:35Z 2024-11-29T01:38:35Z
mal-2024-11140 Malicious code in evermade-bare-theme (npm) 2024-11-29T01:38:35Z 2024-11-29T01:38:35Z
mal-2024-11151 Malicious code in qvector (npm) 2024-11-29T01:37:04Z 2024-11-29T01:37:05Z
mal-2024-11150 Malicious code in notworking-v1 (npm) 2024-11-29T01:33:29Z 2024-11-29T01:33:30Z
mal-2024-11138 Malicious code in distdiscord-v11 (npm) 2024-11-29T01:33:29Z 2024-11-29T01:33:30Z
mal-2024-11137 Malicious code in distdiscord-v1 (npm) 2024-11-29T01:33:29Z 2024-11-29T01:33:29Z
mal-2024-11148 Malicious code in network-web (npm) 2024-11-29T01:30:30Z 2024-11-29T01:30:31Z
mal-2024-11141 Malicious code in evil-package-for-test (npm) 2024-11-29T01:28:08Z 2024-11-29T01:28:09Z
mal-2024-11152 Malicious code in randompathlist (npm) 2024-11-29T01:27:14Z 2024-11-29T01:27:14Z
mal-2024-11136 Malicious code in discord-json-requests (npm) 2024-11-29T01:27:14Z 2024-11-29T01:27:14Z
mal-2024-11128 Malicious code in agoda (npm) 2024-11-29T01:21:35Z 2024-11-29T01:21:36Z
mal-2024-10814 Malicious code in wixdevpoc (npm) 2024-11-14T09:13:14Z 2024-11-29T00:34:35Z
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
wid-sec-w-2024-3390 libxml2: Mehrere Schwachstellen 2015-11-18T23:00:00.000+00:00 2024-12-03T23:00:00.000+00:00
wid-sec-w-2024-3389 libxml2: Mehrere Schwachstellen 2015-11-22T23:00:00.000+00:00 2024-12-03T23:00:00.000+00:00
wid-sec-w-2024-3388 libxml2: Schwachstelle ermöglicht Denial of Service 2016-01-21T23:00:00.000+00:00 2024-12-03T23:00:00.000+00:00
wid-sec-w-2024-3387 libxml2: Schwachstelle ermöglicht Denial of Service 2016-01-25T23:00:00.000+00:00 2024-12-03T23:00:00.000+00:00
wid-sec-w-2024-3386 libxml2: Schwachstelle ermöglicht Denial of Service 2016-03-21T23:00:00.000+00:00 2024-12-03T23:00:00.000+00:00
wid-sec-w-2024-3385 libxml2: Schwachstelle ermöglicht Denial of Service oder Offenlegung von Informationen 2016-05-03T22:00:00.000+00:00 2024-12-03T23:00:00.000+00:00
wid-sec-w-2024-3384 libxml2: Mehrere Schwachstellen 2016-05-24T22:00:00.000+00:00 2024-12-03T23:00:00.000+00:00
wid-sec-w-2024-3383 libxml2: Mehrere Schwachstellen ermöglichen Ausführen von beliebigem Programmcode mit den Rechten des Dienstes 2016-06-09T22:00:00.000+00:00 2024-12-03T23:00:00.000+00:00
wid-sec-w-2024-3382 libxml2: Schwachstelle ermöglicht Offenlegung von Informationen 2016-11-16T23:00:00.000+00:00 2024-12-03T23:00:00.000+00:00
wid-sec-w-2024-3381 libxml2: Mehrere Schwachstellen ermöglichen Denial of Service 2016-12-07T23:00:00.000+00:00 2024-12-03T23:00:00.000+00:00
wid-sec-w-2024-3380 libxml2: Schwachstelle ermöglicht Denial of Service 2020-01-01T23:00:00.000+00:00 2024-12-03T23:00:00.000+00:00
wid-sec-w-2024-3358 Ansible: Schwachstelle ermöglicht Privilegieneskalation 2024-11-06T23:00:00.000+00:00 2024-12-03T23:00:00.000+00:00
wid-sec-w-2024-3330 Red Hat Trusted Profile Analyzer: Schwachstelle ermöglicht Denial of Service 2024-11-04T23:00:00.000+00:00 2024-12-03T23:00:00.000+00:00
wid-sec-w-2024-3300 X.Org X11 und Xming: Schwachstelle ermöglicht Privilegieneskalation 2024-10-29T23:00:00.000+00:00 2024-12-03T23:00:00.000+00:00
wid-sec-w-2024-3251 Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service 2024-10-21T22:00:00.000+00:00 2024-12-03T23:00:00.000+00:00
wid-sec-w-2024-3250 Red Hat OpenShift: Mehrere Schwachstellen 2024-10-21T22:00:00.000+00:00 2024-12-03T23:00:00.000+00:00
wid-sec-w-2024-3124 Microsoft Entwicklerwerkzeuge: Mehrere Schwachstellen ermöglichen Privilegieneskalation 2024-10-08T22:00:00.000+00:00 2024-12-03T23:00:00.000+00:00
wid-sec-w-2024-3089 Red Hat Enterprise Linux (Cryostat): Mehrere Schwachstellen ermöglichen Cross-Site Scripting 2024-10-06T22:00:00.000+00:00 2024-12-03T23:00:00.000+00:00
wid-sec-w-2024-2209 XEN, Citrix XenServer und Hypervisor: Schwachstelle ermöglicht Denial of Service 2024-09-24T22:00:00.000+00:00 2024-12-03T23:00:00.000+00:00
wid-sec-w-2024-2151 Ansible: Schwachstelle ermöglicht Offenlegung von Informationen 2024-09-16T22:00:00.000+00:00 2024-12-03T23:00:00.000+00:00
wid-sec-w-2024-2117 Intel Prozessor: Mehrere Schwachstellen 2024-09-10T22:00:00.000+00:00 2024-12-03T23:00:00.000+00:00
wid-sec-w-2024-2057 Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service oder unspezifischer Angriff 2024-09-04T22:00:00.000+00:00 2024-12-03T23:00:00.000+00:00
wid-sec-w-2024-2036 Red Hat OpenShift: Mehrere Schwachstellen ermöglichen Umgehen von Sicherheitsvorkehrungen 2024-09-03T22:00:00.000+00:00 2024-12-03T23:00:00.000+00:00
wid-sec-w-2024-1913 Red Hat OpenShift Container Platform: Mehrere Schwachstellen 2024-08-22T22:00:00.000+00:00 2024-12-03T23:00:00.000+00:00
wid-sec-w-2024-1875 Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service 2024-08-18T22:00:00.000+00:00 2024-12-03T23:00:00.000+00:00
wid-sec-w-2024-1837 AMD Prozessoren: Mehrere Schwachstellen 2024-08-13T22:00:00.000+00:00 2024-12-03T23:00:00.000+00:00
wid-sec-w-2024-1821 Microsoft Developer Tools: Mehrere Schwachstellen 2024-08-13T22:00:00.000+00:00 2024-12-03T23:00:00.000+00:00
wid-sec-w-2024-1788 Linux Kernel: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff 2024-08-07T22:00:00.000+00:00 2024-12-03T23:00:00.000+00:00
wid-sec-w-2024-1772 Red Hat OpenShift: Schwachstelle ermöglicht Offenlegung von Informationen 2024-08-06T22:00:00.000+00:00 2024-12-03T23:00:00.000+00:00
wid-sec-w-2024-1750 QEMU: Schwachstelle ermöglicht Denial of Service 2024-08-04T22:00:00.000+00:00 2024-12-03T23:00:00.000+00:00
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
ssa-625850 SSA-625850: Multiple WIBU Systems CodeMeter Vulnerabilities Affecting the Desigo CC Product Family and SENTRON powermanager 2023-11-14T00:00:00Z 2024-08-13T00:00:00Z
ssa-417547 SSA-417547: Multiple Vulnerabilities in INTRALOG WMS Before V4 2024-08-13T00:00:00Z 2024-08-13T00:00:00Z
ssa-407785 SSA-407785: Multiple X_T File Parsing Vulnerabilities in Parasolid and Teamcenter Visualization 2023-08-08T00:00:00Z 2024-08-13T00:00:00Z
ssa-357412 SSA-357412: PRT File Parsing Vulnerability in NX Before V2406.3000 2024-08-13T00:00:00Z 2024-08-13T00:00:00Z
ssa-180704 SSA-180704: Multiple Vulnerabilities in SCALANCE M-800 Family Before V8.0 2023-12-12T00:00:00Z 2024-08-13T00:00:00Z
ssa-116924 SSA-116924: Path Traversal Vulnerability in TIA Portal 2023-04-11T00:00:00Z 2024-08-13T00:00:00Z
ssa-087301 SSA-087301: Multiple Vulnerabilities in SCALANCE M-800 Family Before V8.1 2024-08-13T00:00:00Z 2024-08-13T00:00:00Z
ssa-068047 SSA-068047: Multiple Vulnerabilities in SCALANCE M-800 Family Before V7.2.2 2023-12-12T00:00:00Z 2024-08-13T00:00:00Z
ssa-071402 SSA-071402: Multiple Vulnerabilities in SICAM Products 2024-07-22T00:00:00Z 2024-07-22T00:00:00Z
ssa-998949 SSA-998949: Hard-coded Default Encryption Key in Mendix Encryption Module V10.0.0 and V10.0.1 2024-07-09T00:00:00Z 2024-07-09T00:00:00Z
ssa-928781 SSA-928781: Multiple Vulnerabilities in SINEMA Remote Connect Server before V3.2 HF1 2024-07-09T00:00:00Z 2024-07-09T00:00:00Z
ssa-868282 SSA-868282: Multiple Vulnerabilities in SINEMA Remote Connect Client before V3.2 HF1 2024-07-09T00:00:00Z 2024-07-09T00:00:00Z
ssa-825651 SSA-825651: Deserialization Vulnerability in SIMATIC STEP 7 (TIA Portal) before V18 Update 2 2024-07-09T00:00:00Z 2024-07-09T00:00:00Z
ssa-824889 SSA-824889: XML File Parsing Vulnerabilities in JT Open and PLM XML SDK 2024-07-09T00:00:00Z 2024-07-09T00:00:00Z
ssa-780073 SSA-780073: Denial of Service Vulnerability in PROFINET Devices via DCE-RPC Packets 2020-02-11T00:00:00Z 2024-07-09T00:00:00Z
ssa-779936 SSA-779936: Catalog-Profile Deserialization Vulnerability in Siemens Engineering Platforms before V19 2024-07-09T00:00:00Z 2024-07-09T00:00:00Z
ssa-750274 SSA-750274: Impact of CVE-2024-3400 on RUGGEDCOM APE1808 devices configured with Palo Alto Networks Virtual NGFW 2024-04-19T00:00:00Z 2024-07-09T00:00:00Z
ssa-730482 SSA-730482: Denial of Service Vulnerability in SIMATIC WinCC 2024-04-09T00:00:00Z 2024-07-09T00:00:00Z
ssa-712929 SSA-712929: Denial of Service Vulnerability in OpenSSL (CVE-2022-0778) Affecting Industrial Products 2022-06-14T00:00:00Z 2024-07-09T00:00:00Z
ssa-593272 SSA-593272: SegmentSmack in Interniche IP-Stack based Industrial Devices 2020-04-14T00:00:00Z 2024-07-09T00:00:00Z
ssa-484086 SSA-484086: Multiple Vulnerabilities in SINEMA Remote Connect Server before V3.1 2022-06-14T00:00:00Z 2024-07-09T00:00:00Z
ssa-473245 SSA-473245: Denial of Service Vulnerability in Profinet Devices 2019-10-08T00:00:00Z 2024-07-09T00:00:00Z
ssa-446448 SSA-446448: Denial of Service Vulnerability in PROFINET Stack Integrated on Interniche Stack 2022-04-12T00:00:00Z 2024-07-09T00:00:00Z
ssa-381581 SSA-381581: Multiple Vulnerabilities in SINEMA Remote Connect Server before V3.2 SP1 2024-07-09T00:00:00Z 2024-07-09T00:00:00Z
ssa-346262 SSA-346262: Denial of Service Vulnerability in SNMP Interface of Industrial Products 2017-11-23T00:00:00Z 2024-07-09T00:00:00Z
ssa-337522 SSA-337522: Multiple Vulnerabilities in TIM 1531 IRC before V2.4.8 2024-06-11T00:00:00Z 2024-07-09T00:00:00Z
ssa-313039 SSA-313039: Deserialization Vulnerability in STEP 7 Safety before V19 2024-07-09T00:00:00Z 2024-07-09T00:00:00Z
ssa-170375 SSA-170375: Multiple Vulnerabilities in RUGGEDCOM ROS before V5.9 2024-07-09T00:00:00Z 2024-07-09T00:00:00Z
ssa-160243 SSA-160243: Multiple Vulnerabilities in SINEC NMS before V2.0 2023-10-10T00:00:00Z 2024-07-09T00:00:00Z
ssa-064222 SSA-064222: Multiple File Parsing Vulnerabilities in Simcenter Femap before V2406 2024-07-09T00:00:00Z 2024-07-09T00:00:00Z
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
rhsa-2023_7699 Red Hat Security Advisory: Red Hat OpenShift Pipelines Client tkn for 1.10.6 release and security update 2023-12-07T14:26:32+00:00 2024-12-11T22:23:30+00:00
rhsa-2023_7470 Red Hat Security Advisory: OpenShift Container Platform 4.14.4 bug fix and security update 2023-11-29T11:36:57+00:00 2024-12-11T22:23:11+00:00
rhsa-2023_7608 Red Hat Security Advisory: OpenShift Container Platform 4.12.45 bug fix and security update 2023-12-06T17:55:11+00:00 2024-12-11T22:23:08+00:00
rhsa-2023_7469 Red Hat Security Advisory: OpenShift Container Platform 4.14.4 security and extras update 2023-11-29T10:27:24+00:00 2024-12-11T22:23:03+00:00
rhsa-2023_7607 Red Hat Security Advisory: OpenShift Container Platform 4.12.45 security and extras update 2023-12-06T16:54:41+00:00 2024-12-11T22:22:59+00:00
rhsa-2023_7479 Red Hat Security Advisory: OpenShift Container Platform 4.11.54 bug fix and security update 2023-11-29T01:40:41+00:00 2024-12-11T22:22:51+00:00
rhsa-2023_7604 Red Hat Security Advisory: OpenShift Container Platform 4.13.25 bug fix and security update 2023-12-06T00:34:23+00:00 2024-12-11T22:22:50+00:00
rhsa-2023_7602 Red Hat Security Advisory: OpenShift Container Platform 4.13.25 security and extras update 2023-12-06T00:16:04+00:00 2024-12-11T22:22:40+00:00
rhsa-2023_7475 Red Hat Security Advisory: OpenShift Container Platform 4.13.24 bug fix and security update 2023-11-29T01:47:09+00:00 2024-12-11T22:22:40+00:00
rhsa-2023_7478 Red Hat Security Advisory: OpenShift Container Platform 4.11.54 security and extras update 2023-11-29T00:44:58+00:00 2024-12-11T22:22:32+00:00
rhsa-2023_7662 Red Hat Security Advisory: Red Hat OpenShift for Windows Containers 6.0.3 security update 2023-12-06T00:20:48+00:00 2024-12-11T22:22:31+00:00
rhsa-2023_7599 Red Hat Security Advisory: OpenShift Container Platform 4.14.5 bug fix and security update 2023-12-05T09:57:03+00:00 2024-12-11T22:22:22+00:00
rhsa-2023_7474 Red Hat Security Advisory: OpenShift Container Platform 4.13.24 security and extras update 2023-11-29T00:33:54+00:00 2024-12-11T22:22:22+00:00
rhsa-2023_7555 Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.3.0 security update 2023-11-28T18:50:01+00:00 2024-12-11T22:22:13+00:00
rhsa-2023_7323 Red Hat Security Advisory: OpenShift Container Platform 4.13.23 bug fix and security update 2023-11-21T11:27:12+00:00 2024-12-11T22:22:13+00:00
rhsa-2023_7522 Red Hat Security Advisory: OpenShift Virtualization 4.13.6 security and bug fix update 2023-11-28T13:45:02+00:00 2024-12-11T22:22:04+00:00
rhsa-2023_7345 Red Hat Security Advisory: Red Hat OpenShift GitOps v1.9.3 security update 2023-11-20T08:34:18+00:00 2024-12-11T22:22:04+00:00
rhsa-2023_7344 Red Hat Security Advisory: openshift-gitops-kam security update 2023-11-20T07:53:42+00:00 2024-12-11T22:21:56+00:00
rhsa-2023_7521 Red Hat Security Advisory: OpenShift Virtualization 4.13.6 RPMs security and bug fix update 2023-11-28T13:17:06+00:00 2024-12-11T22:21:55+00:00
rhsa-2023_7515 Red Hat Security Advisory: Red Hat OpenShift for Windows Containers 9.0.0 security update 2023-11-27T16:08:33+00:00 2024-12-11T22:21:46+00:00
rhsa-2023_7342 Red Hat Security Advisory: OpenShift Container Platform 4.11 low-latency extras update 2023-11-16T20:48:36+00:00 2024-12-11T22:21:46+00:00
rhsa-2023_7198 Red Hat Security Advisory: OpenShift Container Platform 4.15.0 bug fix and security update 2024-02-27T20:49:10+00:00 2024-12-11T22:21:22+00:00
rhsa-2023_6842 Red Hat Security Advisory: OpenShift Container Platform 4.12.43 bug fix and security update 2023-11-16T20:31:52+00:00 2024-12-11T22:21:21+00:00
rhsa-2023_6841 Red Hat Security Advisory: Red Hat OpenShift Enterprise security update 2023-11-16T20:14:47+00:00 2024-12-11T22:21:11+00:00
rhsa-2023_7201 Red Hat Security Advisory: OpenShift Container Platform 4.15.0 packages and security update 2024-02-27T22:34:13+00:00 2024-12-11T22:21:06+00:00
rhsa-2023_6839 Red Hat Security Advisory: OpenShift Container Platform 4.14.2 security update 2023-11-16T05:56:26+00:00 2024-12-11T22:21:02+00:00
rhsa-2023_7200 Red Hat Security Advisory: OpenShift Container Platform 4.15.z security update 2024-02-27T22:49:18+00:00 2024-12-11T22:20:54+00:00
rhsa-2023_6840 Red Hat Security Advisory: OpenShift Container Platform 4.14.2 packages and security update 2023-11-15T07:24:02+00:00 2024-12-11T22:20:49+00:00
rhsa-2023_6894 Red Hat Security Advisory: OpenShift Container Platform 4.12.44 bug fix and security update 2023-11-21T12:36:12+00:00 2024-12-11T22:20:46+00:00
rhsa-2023_6836 Red Hat Security Advisory: OpenShift Container Platform 4.14.2 security and extras update 2023-11-15T00:47:45+00:00 2024-12-11T22:20:39+00:00
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
icsa-24-289-01 Siemens Siveillance Video Camera 2024-10-10T00:00:00.000000Z 2024-10-10T00:00:00.000000Z
icsa-24-289-02 Schneider Electric Data Center Expert 2024-10-08T00:00:00.000000Z 2024-10-08T00:00:00.000000Z
icsa-24-284-13 Siemens Tecnomatix Plant Simulation 2024-10-08T00:00:00.000000Z 2024-10-08T00:00:00.000000Z
icsa-24-284-12 Siemens Sentron Powercenter 1000 2024-10-08T00:00:00.000000Z 2024-10-08T00:00:00.000000Z
icsa-24-284-11 Siemens RUGGEDCOM APE1808 2024-10-08T00:00:00.000000Z 2024-10-08T00:00:00.000000Z
icsa-24-284-09 Siemens PSS SINCAL 2024-10-08T00:00:00.000000Z 2024-10-08T00:00:00.000000Z
icsa-24-284-08 Siemens HiMed Cockpit 2024-10-08T00:00:00.000000Z 2024-10-08T00:00:00.000000Z
icsa-24-284-07 Siemens JT2Go 2024-10-08T00:00:00.000000Z 2024-10-08T00:00:00.000000Z
icsa-24-284-06 Siemens SINEC Security Monitor 2024-10-08T00:00:00.000000Z 2024-10-08T00:00:00.000000Z
icsa-24-284-05 Siemens Questa and ModelSim 2024-10-08T00:00:00.000000Z 2024-10-08T00:00:00.000000Z
icsa-24-284-04 Siemens SENTRON PAC3200 Devices 2024-10-08T00:00:00.000000Z 2024-10-08T00:00:00.000000Z
icsa-24-284-03 Siemens Teamcenter Visualization and JT2Go 2024-10-08T00:00:00.000000Z 2024-10-08T00:00:00.000000Z
icsa-24-284-02 Siemens Simcenter Nastran 2024-10-08T00:00:00.000000Z 2024-10-08T00:00:00.000000Z
icsa-24-277-03 Delta Electronics DIAEnergie 2024-10-03T06:00:00.000000Z 2024-10-03T06:00:00.000000Z
icsa-24-277-01 TEM Opera Plus FM Family Transmitter 2024-10-03T06:00:00.000000Z 2024-10-03T06:00:00.000000Z
icsa-24-277-02 Subnet Solutions Inc. PowerSYSTEM Center 2024-10-01T06:00:00.000000Z 2024-10-01T06:00:00.000000Z
icsa-24-275-02 Mitsubishi Electric MELSEC iQ-F FX5-OPC 2024-10-01T06:00:00.000000Z 2024-10-01T06:00:00.000000Z
icsa-24-275-01 Optigo Networks ONS-S8 - Spectra Aggregation Switch 2024-10-01T06:00:00.000000Z 2024-10-01T06:00:00.000000Z
icsa-24-270-03 Atelmo Atemio AM 520 HD Full HD Satellite Receiver 2024-09-26T06:00:00.000000Z 2024-09-26T06:00:00.000000Z
icsa-24-270-02 Advantech ADAM 5630 2024-09-26T06:00:00.000000Z 2024-09-26T06:00:00.000000Z
icsa-24-270-01 Advantech ADAM-5550 2024-09-26T06:00:00.000000Z 2024-09-26T06:00:00.000000Z
icsa-24-268-05 Moxa MXview One 2024-09-24T06:00:00.000000Z 2024-09-24T06:00:00.000000Z
icsa-24-268-04 Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE 2024-09-24T06:00:00.000000Z 2024-09-24T06:00:00.000000Z
icsa-24-268-03 Franklin Fueling Systems TS-550 EVO 2024-09-24T06:00:00.000000Z 2024-09-24T06:00:00.000000Z
icsa-24-268-02 Alisonic Sibylla 2024-09-24T06:00:00.000000Z 2024-09-24T06:00:00.000000Z
icsa-24-268-01 OPW Fuel Management Systems SiteSentinel 2024-09-24T06:00:00.000000Z 2024-09-24T06:00:00.000000Z
icsa-24-156-01 Uniview NVR301-04S2-P4 (Update A) 2024-06-04T06:00:00.000000Z 2024-09-24T06:00:00.000000Z
icsa-19-274-01 Interpeak IPnet TCP/IP Stack (Update E) 2019-10-01T06:00:00.000000Z 2024-09-24T06:00:00.000000Z
icsa-24-263-05 Kastle Systems Access Control System 2024-09-19T06:00:00.000000Z 2024-09-19T06:00:00.000000Z
icsa-24-263-04 MegaSys Computer Technologies Telenium Online Web Application 2024-09-19T06:00:00.000000Z 2024-09-19T06:00:00.000000Z
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
cisco-sa-openssh-rce-2024 Remote Unauthenticated Code Execution Vulnerability in OpenSSH Server (regreSSHion): July 2024 2024-07-02T16:00:00+00:00 2024-09-13T14:43:44+00:00
cisco-sa-pak-mem-exhst-3ke9fefy Cisco IOS XR Software UDP Packet Memory Exhaustion Vulnerability 2024-09-11T16:00:00+00:00 2024-09-11T16:00:00+00:00
cisco-sa-l2services-2mvhdnuc Cisco IOS XR Software Network Convergence System Denial of Service Vulnerability 2024-09-11T16:00:00+00:00 2024-09-11T16:00:00+00:00
cisco-sa-isis-xehpbvne Cisco IOS XR Software Segment Routing for Intermediate System-to-Intermediate System Denial of Service Vulnerability 2024-09-11T16:00:00+00:00 2024-09-11T16:00:00+00:00
cisco-sa-iosxr-xml-tcpdos-zexvru2s Cisco IOS XR Software Dedicated XML Agent TCP Denial of Service Vulnerability 2024-09-11T16:00:00+00:00 2024-09-11T16:00:00+00:00
cisco-sa-iosxr-shellutil-hcb278wd Cisco IOS XR Software CLI Arbitrary File Read Vulnerability 2024-09-11T16:00:00+00:00 2024-09-11T16:00:00+00:00
cisco-sa-iosxr-priv-esc-crg5vhcq Cisco IOS XR Software CLI Privilege Escalation Vulnerability 2024-09-11T16:00:00+00:00 2024-09-11T16:00:00+00:00
cisco-sa-iosxr-ponctlr-ci-ohchmsfl Cisco Routed Passive Optical Network Controller Vulnerabilities 2024-09-11T16:00:00+00:00 2024-09-11T16:00:00+00:00
cisco-sa-ise-info-exp-vdf8jbyk Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability 2024-08-21T16:00:00+00:00 2024-09-05T13:14:02+00:00
cisco-sa-meraki-agent-dll-hj-ptn7ptke Cisco Meraki Systems Manager Agent for Windows Privilege Escalation Vulnerability 2024-09-04T16:00:00+00:00 2024-09-04T16:00:00+00:00
cisco-sa-ise-injection-6kn9tsxm Cisco Identity Services Engine Command Injection Vulnerability 2024-09-04T16:00:00+00:00 2024-09-04T16:00:00+00:00
cisco-sa-expressway-auth-kdfrcz2j Cisco Expressway Edge Improper Authorization Vulnerability 2024-09-04T16:00:00+00:00 2024-09-04T16:00:00+00:00
cisco-sa-duo-epic-info-sdlv6h8y Cisco Duo Epic for Hyperdrive Information Disclosure Vulnerability 2024-09-04T16:00:00+00:00 2024-09-04T16:00:00+00:00
cisco-sa-cslu-7ghmzwmw Cisco Smart Licensing Utility Vulnerabilities 2024-09-04T16:00:00+00:00 2024-09-04T16:00:00+00:00
cisco-sa-radius-spoofing-july-2024-87ccdwz3 RADIUS Protocol Spoofing Vulnerability (Blast-RADIUS): July 2024 2024-07-10T16:00:00+00:00 2024-09-03T14:10:25+00:00
cisco-sa-multi-vuln-finesse-qp6gbuo2 Multiple Cisco Products OpenSocial Gadget Editor Vulnerabilities 2021-01-13T16:00:00+00:00 2024-09-03T13:04:54+00:00
cisco-sa-nxos-psbe-ce-yvbtn5du Cisco NX-OS Software Python Sandbox Escape Vulnerabilities 2024-08-28T16:00:00+00:00 2024-08-28T16:00:00+00:00
cisco-sa-nxos-dhcp6-relay-dos-zneaa6xn Cisco NX-OS Software DHCPv6 Relay Agent Denial of Service Vulnerability 2024-08-28T16:00:00+00:00 2024-08-28T16:00:00+00:00
cisco-sa-nxos-cmdinj-lq6jszhh Cisco NX-OS Software Command Injection Vulnerability 2024-08-28T16:00:00+00:00 2024-08-28T16:00:00+00:00
cisco-sa-nxos-bshacepe-bapehsx7 Cisco NX-OS Software Bash Arbitrary Code Execution and Privilege Escalation Vulnerabilities 2024-08-28T16:00:00+00:00 2024-08-28T16:00:00+00:00
cisco-sa-capic-priv-esc-uyqjjnuu Cisco Application Policy Infrastructure Controller Privilege Escalation Vulnerability 2024-08-28T16:00:00+00:00 2024-08-28T16:00:00+00:00
cisco-sa-apic-cousmo-ubpbygbq Cisco Application Policy Infrastructure Controller Unauthorized Policy Actions Vulnerability 2024-08-28T16:00:00+00:00 2024-08-28T16:00:00+00:00
cisco-sa-curl-libcurl-d9ds39cv cURL and libcurl Vulnerability Affecting Cisco Products: October 2023 2023-10-12T16:00:00+00:00 2024-08-27T18:06:16+00:00
cisco-sa-ise-rest-5bpkrntz Cisco Identity Services Engine REST API Blind SQL Injection Vulnerabilities 2024-08-21T16:00:00+00:00 2024-08-22T15:15:53+00:00
cisco-sa-ise-csrf-y4zuz5rj Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability 2024-08-21T16:00:00+00:00 2024-08-21T16:00:00+00:00
cisco-sa-cucm-dos-kkhq43we Cisco Unified Communications Manager Denial of Service Vulnerability 2024-08-21T16:00:00+00:00 2024-08-21T16:00:00+00:00
cisco-sa-wsa-bypass-vxvqwzsj Cisco Secure Web Appliance Content Encoding Filter Bypass Vulnerability 2023-08-02T16:00:00+00:00 2024-08-14T14:27:30+00:00
cisco-sa-spa-http-vulns-rjzmx2xz Cisco Small Business SPA300 Series and SPA500 Series IP Phones Web UI Vulnerabilities 2024-08-07T16:00:00+00:00 2024-08-07T16:00:00+00:00
cisco-sa-ise-xss-v2bm9jcy Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities 2024-08-07T16:00:00+00:00 2024-08-07T16:00:00+00:00
cisco-sa-iosxr-ipxe-sigbypass-pymfyqgb Cisco IOS XR Software iPXE Boot Signature Bypass Vulnerability 2023-09-13T16:00:00+00:00 2024-08-07T15:55:33+00:00
Vulnerabilities are sorted by update time (recent to old).
ID Description
var-201912-0636 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Arbitrary code execution * Insufficient access restrictions * information leak * Service operation interruption (DoS) * Information falsification * Privilege escalation * Sandbox avoidance. Apple Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. A memory corruption vulnerability exists in the WebKit component of several Apple products. WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded. (CVE-2019-6237) WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge. (CVE-2019-8601) An out-of-bounds read was addressed with improved input validation. (CVE-2019-8644) A logic issue existed in the handling of synchronous page loads. (CVE-2019-8689) A logic issue existed in the handling of document loads. (CVE-2019-8719) This fixes a remote code execution in webkitgtk4. No further details are available in NIST. This issue is fixed in watchOS 6.1. This issue is fixed in watchOS 6.1. This issue is fixed in watchOS 6.1. (CVE-2019-8766) "Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Catalina 10.15. A user may be unable to delete browsing history items. (CVE-2019-8768) An issue existed in the drawing of web page elements. Visiting a maliciously crafted website may reveal browsing history. (CVE-2019-8769) This issue was addressed with improved iframe sandbox enforcement. (CVE-2019-8846) WebKitGTK up to and including 2.26.4 and WPE WebKit up to and including 2.26.4 (which are the versions right prior to 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. (CVE-2020-10018) A use-after-free flaw exists in WebKitGTK. This flaw allows remote malicious users to execute arbitrary code or cause a denial of service. A malicious website may be able to cause a denial of service. A DOM object context may not have had a unique security origin. A file URL may be incorrectly processed. (CVE-2020-3885) A race condition was addressed with additional validation. An application may be able to read restricted memory. (CVE-2020-3901) An input validation issue was addressed with improved input validation. (CVE-2020-3902). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: webkitgtk4 security, bug fix, and enhancement update Advisory ID: RHSA-2020:4035-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:4035 Issue date: 2020-09-29 CVE Names: CVE-2019-6237 CVE-2019-6251 CVE-2019-8506 CVE-2019-8524 CVE-2019-8535 CVE-2019-8536 CVE-2019-8544 CVE-2019-8551 CVE-2019-8558 CVE-2019-8559 CVE-2019-8563 CVE-2019-8571 CVE-2019-8583 CVE-2019-8584 CVE-2019-8586 CVE-2019-8587 CVE-2019-8594 CVE-2019-8595 CVE-2019-8596 CVE-2019-8597 CVE-2019-8601 CVE-2019-8607 CVE-2019-8608 CVE-2019-8609 CVE-2019-8610 CVE-2019-8611 CVE-2019-8615 CVE-2019-8619 CVE-2019-8622 CVE-2019-8623 CVE-2019-8625 CVE-2019-8644 CVE-2019-8649 CVE-2019-8658 CVE-2019-8666 CVE-2019-8669 CVE-2019-8671 CVE-2019-8672 CVE-2019-8673 CVE-2019-8674 CVE-2019-8676 CVE-2019-8677 CVE-2019-8678 CVE-2019-8679 CVE-2019-8680 CVE-2019-8681 CVE-2019-8683 CVE-2019-8684 CVE-2019-8686 CVE-2019-8687 CVE-2019-8688 CVE-2019-8689 CVE-2019-8690 CVE-2019-8707 CVE-2019-8710 CVE-2019-8719 CVE-2019-8720 CVE-2019-8726 CVE-2019-8733 CVE-2019-8735 CVE-2019-8743 CVE-2019-8763 CVE-2019-8764 CVE-2019-8765 CVE-2019-8766 CVE-2019-8768 CVE-2019-8769 CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 CVE-2019-8821 CVE-2019-8822 CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 CVE-2019-11070 CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 CVE-2020-3897 CVE-2020-3899 CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 CVE-2020-10018 CVE-2020-11793 ==================================================================== 1. Summary: An update for webkitgtk4 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, s390x Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch 3. Description: WebKitGTK+ is port of the WebKit portable web rendering engine to the GTK+ platform. These packages provide WebKitGTK+ for GTK+ 3. The following packages have been upgraded to a later upstream version: webkitgtk4 (2.28.2). (BZ#1817144) Security Fix(es): * webkitgtk: Multiple security issues (CVE-2019-6237, CVE-2019-6251, CVE-2019-8506, CVE-2019-8524, CVE-2019-8535, CVE-2019-8536, CVE-2019-8544, CVE-2019-8551, CVE-2019-8558, CVE-2019-8559, CVE-2019-8563, CVE-2019-8571, CVE-2019-8583, CVE-2019-8584, CVE-2019-8586, CVE-2019-8587, CVE-2019-8594, CVE-2019-8595, CVE-2019-8596, CVE-2019-8597, CVE-2019-8601, CVE-2019-8607, CVE-2019-8608, CVE-2019-8609, CVE-2019-8610, CVE-2019-8611, CVE-2019-8615, CVE-2019-8619, CVE-2019-8622, CVE-2019-8623, CVE-2019-8625, CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673, CVE-2019-8674, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8683, CVE-2019-8684, CVE-2019-8686, CVE-2019-8687, CVE-2019-8688, CVE-2019-8689, CVE-2019-8690, CVE-2019-8707, CVE-2019-8710, CVE-2019-8719, CVE-2019-8720, CVE-2019-8726, CVE-2019-8733, CVE-2019-8735, CVE-2019-8743, CVE-2019-8763, CVE-2019-8764, CVE-2019-8765, CVE-2019-8766, CVE-2019-8768, CVE-2019-8769, CVE-2019-8771, CVE-2019-8782, CVE-2019-8783, CVE-2019-8808, CVE-2019-8811, CVE-2019-8812, CVE-2019-8813, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8821, CVE-2019-8822, CVE-2019-8823, CVE-2019-8835, CVE-2019-8844, CVE-2019-8846, CVE-2019-11070, CVE-2020-3862, CVE-2020-3864, CVE-2020-3865, CVE-2020-3867, CVE-2020-3868, CVE-2020-3885, CVE-2020-3894, CVE-2020-3895, CVE-2020-3897, CVE-2020-3899, CVE-2020-3900, CVE-2020-3901, CVE-2020-3902, CVE-2020-10018, CVE-2020-11793) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux Client (v. 7): Source: webkitgtk4-2.28.2-2.el7.src.rpm x86_64: webkitgtk4-2.28.2-2.el7.i686.rpm webkitgtk4-2.28.2-2.el7.x86_64.rpm webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): noarch: webkitgtk4-doc-2.28.2-2.el7.noarch.rpm x86_64: webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-devel-2.28.2-2.el7.i686.rpm webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: webkitgtk4-2.28.2-2.el7.src.rpm x86_64: webkitgtk4-2.28.2-2.el7.i686.rpm webkitgtk4-2.28.2-2.el7.x86_64.rpm webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): noarch: webkitgtk4-doc-2.28.2-2.el7.noarch.rpm x86_64: webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-devel-2.28.2-2.el7.i686.rpm webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: webkitgtk4-2.28.2-2.el7.src.rpm ppc64: webkitgtk4-2.28.2-2.el7.ppc.rpm webkitgtk4-2.28.2-2.el7.ppc64.rpm webkitgtk4-debuginfo-2.28.2-2.el7.ppc.rpm webkitgtk4-debuginfo-2.28.2-2.el7.ppc64.rpm webkitgtk4-jsc-2.28.2-2.el7.ppc.rpm webkitgtk4-jsc-2.28.2-2.el7.ppc64.rpm ppc64le: webkitgtk4-2.28.2-2.el7.ppc64le.rpm webkitgtk4-debuginfo-2.28.2-2.el7.ppc64le.rpm webkitgtk4-devel-2.28.2-2.el7.ppc64le.rpm webkitgtk4-jsc-2.28.2-2.el7.ppc64le.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.ppc64le.rpm s390x: webkitgtk4-2.28.2-2.el7.s390.rpm webkitgtk4-2.28.2-2.el7.s390x.rpm webkitgtk4-debuginfo-2.28.2-2.el7.s390.rpm webkitgtk4-debuginfo-2.28.2-2.el7.s390x.rpm webkitgtk4-jsc-2.28.2-2.el7.s390.rpm webkitgtk4-jsc-2.28.2-2.el7.s390x.rpm x86_64: webkitgtk4-2.28.2-2.el7.i686.rpm webkitgtk4-2.28.2-2.el7.x86_64.rpm webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-devel-2.28.2-2.el7.i686.rpm webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): noarch: webkitgtk4-doc-2.28.2-2.el7.noarch.rpm ppc64: webkitgtk4-debuginfo-2.28.2-2.el7.ppc.rpm webkitgtk4-debuginfo-2.28.2-2.el7.ppc64.rpm webkitgtk4-devel-2.28.2-2.el7.ppc.rpm webkitgtk4-devel-2.28.2-2.el7.ppc64.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.ppc.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.ppc64.rpm s390x: webkitgtk4-debuginfo-2.28.2-2.el7.s390.rpm webkitgtk4-debuginfo-2.28.2-2.el7.s390x.rpm webkitgtk4-devel-2.28.2-2.el7.s390.rpm webkitgtk4-devel-2.28.2-2.el7.s390x.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.s390.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.s390x.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: webkitgtk4-2.28.2-2.el7.src.rpm x86_64: webkitgtk4-2.28.2-2.el7.i686.rpm webkitgtk4-2.28.2-2.el7.x86_64.rpm webkitgtk4-debuginfo-2.28.2-2.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-2.el7.x86_64.rpm webkitgtk4-devel-2.28.2-2.el7.i686.rpm webkitgtk4-devel-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-2.28.2-2.el7.x86_64.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.i686.rpm webkitgtk4-jsc-devel-2.28.2-2.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): noarch: webkitgtk4-doc-2.28.2-2.el7.noarch.rpm These packages are GPG signed by Red Hat for security. References: https://access.redhat.com/security/cve/CVE-2019-6237 https://access.redhat.com/security/cve/CVE-2019-6251 https://access.redhat.com/security/cve/CVE-2019-8506 https://access.redhat.com/security/cve/CVE-2019-8524 https://access.redhat.com/security/cve/CVE-2019-8535 https://access.redhat.com/security/cve/CVE-2019-8536 https://access.redhat.com/security/cve/CVE-2019-8544 https://access.redhat.com/security/cve/CVE-2019-8551 https://access.redhat.com/security/cve/CVE-2019-8558 https://access.redhat.com/security/cve/CVE-2019-8559 https://access.redhat.com/security/cve/CVE-2019-8563 https://access.redhat.com/security/cve/CVE-2019-8571 https://access.redhat.com/security/cve/CVE-2019-8583 https://access.redhat.com/security/cve/CVE-2019-8584 https://access.redhat.com/security/cve/CVE-2019-8586 https://access.redhat.com/security/cve/CVE-2019-8587 https://access.redhat.com/security/cve/CVE-2019-8594 https://access.redhat.com/security/cve/CVE-2019-8595 https://access.redhat.com/security/cve/CVE-2019-8596 https://access.redhat.com/security/cve/CVE-2019-8597 https://access.redhat.com/security/cve/CVE-2019-8601 https://access.redhat.com/security/cve/CVE-2019-8607 https://access.redhat.com/security/cve/CVE-2019-8608 https://access.redhat.com/security/cve/CVE-2019-8609 https://access.redhat.com/security/cve/CVE-2019-8610 https://access.redhat.com/security/cve/CVE-2019-8611 https://access.redhat.com/security/cve/CVE-2019-8615 https://access.redhat.com/security/cve/CVE-2019-8619 https://access.redhat.com/security/cve/CVE-2019-8622 https://access.redhat.com/security/cve/CVE-2019-8623 https://access.redhat.com/security/cve/CVE-2019-8625 https://access.redhat.com/security/cve/CVE-2019-8644 https://access.redhat.com/security/cve/CVE-2019-8649 https://access.redhat.com/security/cve/CVE-2019-8658 https://access.redhat.com/security/cve/CVE-2019-8666 https://access.redhat.com/security/cve/CVE-2019-8669 https://access.redhat.com/security/cve/CVE-2019-8671 https://access.redhat.com/security/cve/CVE-2019-8672 https://access.redhat.com/security/cve/CVE-2019-8673 https://access.redhat.com/security/cve/CVE-2019-8674 https://access.redhat.com/security/cve/CVE-2019-8676 https://access.redhat.com/security/cve/CVE-2019-8677 https://access.redhat.com/security/cve/CVE-2019-8678 https://access.redhat.com/security/cve/CVE-2019-8679 https://access.redhat.com/security/cve/CVE-2019-8680 https://access.redhat.com/security/cve/CVE-2019-8681 https://access.redhat.com/security/cve/CVE-2019-8683 https://access.redhat.com/security/cve/CVE-2019-8684 https://access.redhat.com/security/cve/CVE-2019-8686 https://access.redhat.com/security/cve/CVE-2019-8687 https://access.redhat.com/security/cve/CVE-2019-8688 https://access.redhat.com/security/cve/CVE-2019-8689 https://access.redhat.com/security/cve/CVE-2019-8690 https://access.redhat.com/security/cve/CVE-2019-8707 https://access.redhat.com/security/cve/CVE-2019-8710 https://access.redhat.com/security/cve/CVE-2019-8719 https://access.redhat.com/security/cve/CVE-2019-8720 https://access.redhat.com/security/cve/CVE-2019-8726 https://access.redhat.com/security/cve/CVE-2019-8733 https://access.redhat.com/security/cve/CVE-2019-8735 https://access.redhat.com/security/cve/CVE-2019-8743 https://access.redhat.com/security/cve/CVE-2019-8763 https://access.redhat.com/security/cve/CVE-2019-8764 https://access.redhat.com/security/cve/CVE-2019-8765 https://access.redhat.com/security/cve/CVE-2019-8766 https://access.redhat.com/security/cve/CVE-2019-8768 https://access.redhat.com/security/cve/CVE-2019-8769 https://access.redhat.com/security/cve/CVE-2019-8771 https://access.redhat.com/security/cve/CVE-2019-8782 https://access.redhat.com/security/cve/CVE-2019-8783 https://access.redhat.com/security/cve/CVE-2019-8808 https://access.redhat.com/security/cve/CVE-2019-8811 https://access.redhat.com/security/cve/CVE-2019-8812 https://access.redhat.com/security/cve/CVE-2019-8813 https://access.redhat.com/security/cve/CVE-2019-8814 https://access.redhat.com/security/cve/CVE-2019-8815 https://access.redhat.com/security/cve/CVE-2019-8816 https://access.redhat.com/security/cve/CVE-2019-8819 https://access.redhat.com/security/cve/CVE-2019-8820 https://access.redhat.com/security/cve/CVE-2019-8821 https://access.redhat.com/security/cve/CVE-2019-8822 https://access.redhat.com/security/cve/CVE-2019-8823 https://access.redhat.com/security/cve/CVE-2019-8835 https://access.redhat.com/security/cve/CVE-2019-8844 https://access.redhat.com/security/cve/CVE-2019-8846 https://access.redhat.com/security/cve/CVE-2019-11070 https://access.redhat.com/security/cve/CVE-2020-3862 https://access.redhat.com/security/cve/CVE-2020-3864 https://access.redhat.com/security/cve/CVE-2020-3865 https://access.redhat.com/security/cve/CVE-2020-3867 https://access.redhat.com/security/cve/CVE-2020-3868 https://access.redhat.com/security/cve/CVE-2020-3885 https://access.redhat.com/security/cve/CVE-2020-3894 https://access.redhat.com/security/cve/CVE-2020-3895 https://access.redhat.com/security/cve/CVE-2020-3897 https://access.redhat.com/security/cve/CVE-2020-3899 https://access.redhat.com/security/cve/CVE-2020-3900 https://access.redhat.com/security/cve/CVE-2020-3901 https://access.redhat.com/security/cve/CVE-2020-3902 https://access.redhat.com/security/cve/CVE-2020-10018 https://access.redhat.com/security/cve/CVE-2020-11793 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX3OjINzjgjWX9erEAQjqsg/9FnSEJ3umFx0gtnsZIVRP9YxMIVZhVQ8z rNnK/LGQWq1nPlNC5OF60WRcWA7cC74lh1jl/+xU6p+9JXTq9y9hQTd7Fcf+6T01 RYj2zJe6kGBY/53rhZJKCdb9zNXz1CkqsuvTPqVGIabUWTTlsBFnd6l4GK6QL4kM XVQZyWtmSfmLII4Ocdav9WocJzH6o1TbEo+O9Fm6WjdVOK+/+VzPki0/dW50CQAK R8u5tTXZR5m52RLmvhs/LTv3yUnmhEkhvrR0TtuR8KRfcP1/ytNwn3VidFefuAO1 PWrgpjIPWy/kbtZaZWK4fBblYj6bKCVD1SiBKQcOfCq0f16aqRP2niFoDXdAy467 eGu0JHkRsIRCLG2rY+JfOau5KtLRhRr0iRe5AhOVpAtUelzjAvEQEcVv4GmZXcwX rXfeagSjWzdo8Mf55d7pjORXAKhGdO3FQSeiCvzq9miZq3NBX4Jm4raobeskw/rJ 1ONqg4fE7Gv7rks8QOy5xErwI8Ut1TGJAgYOD8rmRptr05hBWQFJCfmoc4KpxsMe PJoRag0AZfYxYoMe5avMcGCYHosU63z3wS7gao9flj37NkEi6M134vGmCpPNmpGr w5HQly9SO3mD0a92xOUn42rrXq841ZkVu89fR6j9wBn8NAKLWH6eUjZkVMNmLRzh PKg+HFNkMjk=dS3G -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Alternatively, on your watch, select "My Watch > General > About". ------------------------------------------------------------------------ WebKitGTK and WPE WebKit Security Advisory WSA-2019-0004 ------------------------------------------------------------------------ Date reported : August 29, 2019 Advisory ID : WSA-2019-0004 WebKitGTK Advisory URL : https://webkitgtk.org/security/WSA-2019-0004.html WPE WebKit Advisory URL : https://wpewebkit.org/security/WSA-2019-0004.html CVE identifiers : CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8683, CVE-2019-8684, CVE-2019-8686, CVE-2019-8687, CVE-2019-8688, CVE-2019-8689, CVE-2019-8690. Several vulnerabilities were discovered in WebKitGTK and WPE WebKit. CVE-2019-8644 Versions affected: WebKitGTK before 2.24.4 and WPE WebKit before 2.24.3. Credit to G. Geshev working with Trend Micro's Zero Day Initiative. CVE-2019-8649 Versions affected: WebKitGTK before 2.24.4 and WPE WebKit before 2.24.3. Credit to Sergei Glazunov of Google Project Zero. CVE-2019-8658 Versions affected: WebKitGTK before 2.24.4 and WPE WebKit before 2.24.3. Credit to akayn working with Trend Micro's Zero Day Initiative. CVE-2019-8666 Versions affected: WebKitGTK and WPE WebKit before 2.24.3. Credit to Zongming Wang (王宗明) and Zhe Jin (金哲) from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. CVE-2019-8669 Versions affected: WebKitGTK before 2.24.4 and WPE WebKit before 2.24.3. Credit to akayn working with Trend Micro's Zero Day Initiative. CVE-2019-8671 Versions affected: WebKitGTK and WPE WebKit before 2.24.2. Credit to Apple. CVE-2019-8672 Versions affected: WebKitGTK and WPE WebKit before 2.24.2. Credit to Samuel Groß of Google Project Zero. CVE-2019-8673 Versions affected: WebKitGTK and WPE WebKit before 2.24.3. Credit to Soyeon Park and Wen Xu of SSLab at Georgia Tech. CVE-2019-8676 Versions affected: WebKitGTK and WPE WebKit before 2.24.3. Credit to Soyeon Park and Wen Xu of SSLab at Georgia Tech. CVE-2019-8677 Versions affected: WebKitGTK and WPE WebKit before 2.24.2. Credit to Jihui Lu of Tencent KeenLab. CVE-2019-8678 Versions affected: WebKitGTK before 2.24.4 and WPE WebKit before 2.24.3. Credit to an anonymous researcher, Anthony Lai (@darkfloyd1014) of Knownsec, Ken Wong (@wwkenwong) of VXRL, Jeonghoon Shin (@singi21a) of Theori, Johnny Yu (@straight_blast) of VX Browser Exploitation Group, Chris Chan (@dr4g0nfl4me) of VX Browser Exploitation Group, Phil Mok (@shadyhamsters) of VX Browser Exploitation Group, Alan Ho (@alan_h0) of Knownsec, Byron Wai of VX Browser Exploitation. CVE-2019-8679 Versions affected: WebKitGTK and WPE WebKit before 2.24.2. Credit to Jihui Lu of Tencent KeenLab. CVE-2019-8680 Versions affected: WebKitGTK before 2.24.4 and WPE WebKit before 2.24.3. Credit to Jihui Lu of Tencent KeenLab. CVE-2019-8681 Versions affected: WebKitGTK and WPE WebKit before 2.24.3. Credit to G. Geshev working with Trend Micro Zero Day Initiative. CVE-2019-8683 Versions affected: WebKitGTK before 2.24.4 and WPE WebKit before 2.24.3. Credit to lokihardt of Google Project Zero. CVE-2019-8684 Versions affected: WebKitGTK before 2.24.4 and WPE WebKit before 2.24.3. Credit to lokihardt of Google Project Zero. CVE-2019-8686 Versions affected: WebKitGTK and WPE WebKit before 2.24.2. Credit to G. Geshev working with Trend Micro's Zero Day Initiative. CVE-2019-8687 Versions affected: WebKitGTK and WPE WebKit before 2.24.3. Credit to Apple. CVE-2019-8688 Versions affected: WebKitGTK before 2.24.4 and WPE WebKit before 2.24.3. Credit to Insu Yun of SSLab at Georgia Tech. CVE-2019-8689 Versions affected: WebKitGTK and WPE WebKit before 2.24.3. Credit to lokihardt of Google Project Zero. CVE-2019-8690 Versions affected: WebKitGTK and WPE WebKit before 2.24.3. Credit to Sergei Glazunov of Google Project Zero. We recommend updating to the latest stable versions of WebKitGTK and WPE WebKit. It is the best way to ensure that you are running safe versions of WebKit. Please check our websites for information about the latest stable releases. Further information about WebKitGTK and WPE WebKit security advisories can be found at: https://webkitgtk.org/security.html or https://wpewebkit.org/security/. The WebKitGTK and WPE WebKit team, August 29, 2019 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4 tvOS 12.4 addresses the following: Bluetooth Available for: Apple TV 4K and Apple TV HD Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic (Key Negotiation of Bluetooth - KNOB) Description: An input validation issue existed in Bluetooth. CVE-2019-9506: Daniele Antonioli of SUTD, Singapore, Dr. Nils Ole Tippenhauer of CISPA, Germany, and Prof. Kasper Rasmussen of University of Oxford, England Entry added August 13, 2019 Core Data Available for: Apple TV 4K and Apple TV HD Impact: A remote attacker may be able to leak memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8646: Natalie Silvanovich of Google Project Zero Core Data Available for: Apple TV 4K and Apple TV HD Impact: A remote attacker may be able to cause arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2019-8647: Samuel Groß and Natalie Silvanovich of Google Project Zero Core Data Available for: Apple TV 4K and Apple TV HD Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2019-8660: Samuel Groß and Natalie Silvanovich of Google Project Zero FaceTime Available for: Apple TV 4K and Apple TV HD Impact: A remote attacker may be able to cause arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2019-8648: Tao Huang and Tielei Wang of Team Pangu Foundation Available for: Apple TV 4K and Apple TV HD Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8641: Samuel Groß and Natalie Silvanovich of Google Project Zero Heimdal Available for: Apple TV 4K and Apple TV HD Impact: An issue existed in Samba that may allow attackers to perform unauthorized actions by intercepting communications between services Description: This issue was addressed with improved checks to prevent unauthorized actions. CVE-2018-16860: Isaac Boukris and Andrew Bartlett of the Samba Team and Catalyst libxslt Available for: Apple TV 4K and Apple TV HD Impact: A remote attacker may be able to view sensitive information Description: A stack overflow was addressed with improved input validation. CVE-2019-13118: found by OSS-Fuzz Profiles Available for: Apple TV 4K and Apple TV HD Impact: A malicious application may be able to restrict access to websites Description: A validation issue existed in the entitlement verification. CVE-2019-8698: Luke Deshotels, Jordan Beichler, and William Enck of North Carolina State University; Costin Carabaș and Răzvan Deaconescu of University POLITEHNICA of Bucharest Quick Look Available for: Apple TV 4K and Apple TV HD Impact: An attacker may be able to trigger a use-after-free in an application deserializing an untrusted NSDictionary Description: This issue was addressed with improved checks. CVE-2019-8662: Natalie Silvanovich and Samuel Groß of Google Project Zero Siri Available for: Apple TV 4K and Apple TV HD Impact: A remote attacker may be able to leak memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8646: Natalie Silvanovich of Google Project Zero UIFoundation Available for: Apple TV 4K and Apple TV HD Impact: Parsing a maliciously crafted office document may lead to an unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8644: G. Geshev working with Trend Micro's Zero Day Initiative CVE-2019-8687: Apple CVE-2019-8688: Insu Yun of SSLab at Georgia Tech CVE-2019-8689: lokihardt of Google Project Zero Additional recognition Game Center We would like to acknowledge Min (Spark) Zheng and Xiaolong Bai of Alibaba Inc. for their assistance. MobileInstallation We would like to acknowledge Dany Lisiansky (@DanyL931) for their assistance. Installation note: Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software." To check the current version of software, select "Settings -> General -> About." Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAl1S688pHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3HyXxAA mG4VzHLTPDCtd3eXkDjN34xahbSiqapl+dcRPoJ4V8yTq2ZM7D+/6Ls4pRD/3oid 46YJfRDaH2J5kufrdYledP0fRXWZoi97tjfgewmP7qKJeftc/9y2qDqBPjnFzHxo 40BZaeVZjupKXyrPlT/Wy8kLZnBtufaEiwbrwkmR05hTuvP6MrQB9gC/YdQnVLTZ 8X7Rd9gIcTPl1cQ9lPvFRSxThsQMzQH69/amMYAhUfwuocn8GbVshVj8LNw7Ie2K pNUqt/UuB+DhQfUTHAlNezVcuWGUWVELkCuF6xv5oy6Z8bbyClOnYmZUmV+Nhqe+ gHmUUGMlhVuJme1mf20eapB+bHX8eXzxC99ScVymHym459V9N2NpGKDQmh3Pb1Cg OYMe7xyA7ckc8upqEl9WI+yyrRjlvuUUPXinmdldXnl0GFRfJfwbzsuoaQylIViE CKd8oOpzcG/dU8FiRYp5vzW9H/LMOTLK2Q1zX5dDhK2V6J/yYfqemnSOEvHhYD5g 08Wm7GaY2kpPqmJ1Vvbtzh9+5AVTNRxpP38xJJde1G8rSUgXs+MkxAh5n6cv+pr/ xpGVpPNsO1uKeRzXjbkTERxH2r8q548caRgKEn6OoOGWhXm6O4YDzopkM6tbe8p1 yIawhwh3AST6+peshxryiatYNsHunnvjpYc72UDiuBU= =KPlq -----END PGP SIGNATURE-----
var-201302-0303 Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373. Adobe Flash Player Contains a buffer overflow vulnerability. This vulnerability CVE-2013-0642 , CVE-2013-0645 , CVE-2013-1365 , CVE-2013-1366 , CVE-2013-1368 , CVE-2013-1369 , CVE-2013-1370 , CVE-2013-1372 ,and CVE-2013-1373 Is a different vulnerability.An attacker could execute arbitrary code. Note: This issue was previously covered in BID 57907 (Adobe Flash Player and AIR APSB13-05 Multiple Security Vulnerabilities), but has been given its own record to better document it. The product enables viewing of applications, content and video across screens and browsers. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2013:0254-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0254.html Issue date: 2013-02-13 CVE Names: CVE-2013-0637 CVE-2013-0638 CVE-2013-0639 CVE-2013-0642 CVE-2013-0644 CVE-2013-0645 CVE-2013-0647 CVE-2013-0649 CVE-2013-1365 CVE-2013-1366 CVE-2013-1367 CVE-2013-1368 CVE-2013-1369 CVE-2013-1370 CVE-2013-1372 CVE-2013-1373 CVE-2013-1374 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities are detailed in the Adobe Security bulletin APSB13-05, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. (CVE-2013-0638, CVE-2013-0639, CVE-2013-0642, CVE-2013-0644, CVE-2013-0645, CVE-2013-0647, CVE-2013-0649, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, CVE-2013-1373, CVE-2013-1374) A flaw in flash-plugin could allow an attacker to obtain sensitive information if a victim were tricked into visiting a specially-crafted web page. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 910570 - flash-plugin: multiple code execution flaws (APSB13-05) 910571 - CVE-2013-0637 flash-plugin: information disclosure flaw (APSB13-05) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.270-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.270-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.270-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.270-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.270-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.270-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.270-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.270-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.270-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.270-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-0637.html https://www.redhat.com/security/data/cve/CVE-2013-0638.html https://www.redhat.com/security/data/cve/CVE-2013-0639.html https://www.redhat.com/security/data/cve/CVE-2013-0642.html https://www.redhat.com/security/data/cve/CVE-2013-0644.html https://www.redhat.com/security/data/cve/CVE-2013-0645.html https://www.redhat.com/security/data/cve/CVE-2013-0647.html https://www.redhat.com/security/data/cve/CVE-2013-0649.html https://www.redhat.com/security/data/cve/CVE-2013-1365.html https://www.redhat.com/security/data/cve/CVE-2013-1366.html https://www.redhat.com/security/data/cve/CVE-2013-1367.html https://www.redhat.com/security/data/cve/CVE-2013-1368.html https://www.redhat.com/security/data/cve/CVE-2013-1369.html https://www.redhat.com/security/data/cve/CVE-2013-1370.html https://www.redhat.com/security/data/cve/CVE-2013-1372.html https://www.redhat.com/security/data/cve/CVE-2013-1373.html https://www.redhat.com/security/data/cve/CVE-2013-1374.html https://access.redhat.com/security/updates/classification/#critical http://www.adobe.com/support/security/bulletins/apsb13-05.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFRG2NzXlSAg2UNWIIRAjGKAJ4lnleOpb7dBn8s/DCk7wAK9qbQJACgm3Vs pnyD10c/hdKGIm0b1Kjv3eY= =+cgh -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could entice a user to open specially crafted SWF content, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass access restrictions. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.310" References ========== [ 1 ] CVE-2012-5248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5248 [ 2 ] CVE-2012-5248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5248 [ 3 ] CVE-2012-5249 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5249 [ 4 ] CVE-2012-5249 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5249 [ 5 ] CVE-2012-5250 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5250 [ 6 ] CVE-2012-5250 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5250 [ 7 ] CVE-2012-5251 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5251 [ 8 ] CVE-2012-5251 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5251 [ 9 ] CVE-2012-5252 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5252 [ 10 ] CVE-2012-5252 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5252 [ 11 ] CVE-2012-5253 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5253 [ 12 ] CVE-2012-5253 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5253 [ 13 ] CVE-2012-5254 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5254 [ 14 ] CVE-2012-5254 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5254 [ 15 ] CVE-2012-5255 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5255 [ 16 ] CVE-2012-5255 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5255 [ 17 ] CVE-2012-5256 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5256 [ 18 ] CVE-2012-5256 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5256 [ 19 ] CVE-2012-5257 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5257 [ 20 ] CVE-2012-5257 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5257 [ 21 ] CVE-2012-5258 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5258 [ 22 ] CVE-2012-5258 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5258 [ 23 ] CVE-2012-5259 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5259 [ 24 ] CVE-2012-5259 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5259 [ 25 ] CVE-2012-5260 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5260 [ 26 ] CVE-2012-5260 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5260 [ 27 ] CVE-2012-5261 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5261 [ 28 ] CVE-2012-5261 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5261 [ 29 ] CVE-2012-5262 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5262 [ 30 ] CVE-2012-5262 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5262 [ 31 ] CVE-2012-5263 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5263 [ 32 ] CVE-2012-5263 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5263 [ 33 ] CVE-2012-5264 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5264 [ 34 ] CVE-2012-5264 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5264 [ 35 ] CVE-2012-5265 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5265 [ 36 ] CVE-2012-5265 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5265 [ 37 ] CVE-2012-5266 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5266 [ 38 ] CVE-2012-5266 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5266 [ 39 ] CVE-2012-5267 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5267 [ 40 ] CVE-2012-5267 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5267 [ 41 ] CVE-2012-5268 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5268 [ 42 ] CVE-2012-5268 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5268 [ 43 ] CVE-2012-5269 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5269 [ 44 ] CVE-2012-5269 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5269 [ 45 ] CVE-2012-5270 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5270 [ 46 ] CVE-2012-5270 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5270 [ 47 ] CVE-2012-5271 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5271 [ 48 ] CVE-2012-5271 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5271 [ 49 ] CVE-2012-5272 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5272 [ 50 ] CVE-2012-5272 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5272 [ 51 ] CVE-2012-5274 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5274 [ 52 ] CVE-2012-5275 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5275 [ 53 ] CVE-2012-5276 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5276 [ 54 ] CVE-2012-5277 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5277 [ 55 ] CVE-2012-5278 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5278 [ 56 ] CVE-2012-5279 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5279 [ 57 ] CVE-2012-5280 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5280 [ 58 ] CVE-2012-5676 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5676 [ 59 ] CVE-2012-5677 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5677 [ 60 ] CVE-2012-5678 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5678 [ 61 ] CVE-2013-0504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0504 [ 62 ] CVE-2013-0630 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0630 [ 63 ] CVE-2013-0633 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0633 [ 64 ] CVE-2013-0634 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0634 [ 65 ] CVE-2013-0637 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0637 [ 66 ] CVE-2013-0638 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0638 [ 67 ] CVE-2013-0639 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0639 [ 68 ] CVE-2013-0642 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0642 [ 69 ] CVE-2013-0643 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0643 [ 70 ] CVE-2013-0644 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0644 [ 71 ] CVE-2013-0645 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0645 [ 72 ] CVE-2013-0646 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0646 [ 73 ] CVE-2013-0647 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0647 [ 74 ] CVE-2013-0648 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0648 [ 75 ] CVE-2013-0649 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0649 [ 76 ] CVE-2013-0650 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0650 [ 77 ] CVE-2013-1365 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1365 [ 78 ] CVE-2013-1366 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1366 [ 79 ] CVE-2013-1367 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1367 [ 80 ] CVE-2013-1368 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1368 [ 81 ] CVE-2013-1369 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1369 [ 82 ] CVE-2013-1370 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1370 [ 83 ] CVE-2013-1371 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1371 [ 84 ] CVE-2013-1372 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1372 [ 85 ] CVE-2013-1373 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1373 [ 86 ] CVE-2013-1374 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1374 [ 87 ] CVE-2013-1375 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1375 [ 88 ] CVE-2013-1378 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1378 [ 89 ] CVE-2013-1379 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1379 [ 90 ] CVE-2013-1380 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1380 [ 91 ] CVE-2013-2555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2555 [ 92 ] CVE-2013-2728 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2728 [ 93 ] CVE-2013-3343 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3343 [ 94 ] CVE-2013-3344 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3344 [ 95 ] CVE-2013-3345 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3345 [ 96 ] CVE-2013-3347 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3347 [ 97 ] CVE-2013-3361 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3361 [ 98 ] CVE-2013-3362 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3362 [ 99 ] CVE-2013-3363 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3363 [ 100 ] CVE-2013-5324 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5324 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201309-06.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: Adobe Flash Player / AIR Multiple Vulnerabilities SECUNIA ADVISORY ID: SA52166 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/52166/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=52166 RELEASE DATE: 2013-02-12 DISCUSS ADVISORY: http://secunia.com/advisories/52166/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/52166/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=52166 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Adobe Flash Player and AIR, which can be exploited by malicious people to disclose certain sensitive information and compromise a user's system. 1) Some unspecified errors can be exploited to cause buffer overflows. 2) Some use-after-free errors can be exploited to dereference already freed memory. 4) An unspecified error can be exploited to corrupt memory. 5) An unspecified error can be exploited to corrupt memory. 6) An unspecified error can be exploited to disclose certain sensitive information. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: 1, 2, 5) The vendor credits Mateusz Jurczyk, Gynvael Coldwind, and Fermin Serna, Google 3) The vendor credits Natalie Silvanovich, BlackBerry Security, Research in Motion 4) The vendor credits Damian Put via iDefense 6) Reported by the vendor. ORIGINAL ADVISORY: Adobe (APSB13-05): http://www.adobe.com/support/security/bulletins/apsb13-05.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
var-200106-0168 Cisco Content Services (CSS) switch products 11800 and earlier, aka Arrowpoint, allows local users to gain privileges by entering debug mode. The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. Due to a problem parsing carriage return/line feeds in RFC822 format mail messages, The Bat! mail client may permaturely detect the end of a mail message, causing an error to occur. This error may prevent the mail user from retrieving other mail messages until the message with the error is removed. Submitting numerous HTTP requests with modified headers, could cause Lotus Domino to consume all available system resources
var-202105-1461 A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. libwebp Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Versions of libwebp prior to 1.0.1 have security vulnerabilities. For the stable distribution (buster), these problems have been fixed in version 0.6.1-2+deb10u1. We recommend that you upgrade your libwebp packages. For the detailed security status of libwebp please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libwebp Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmDCfg0ACgkQEMKTtsN8 TjaaKBAAqMJfe5aH4Gh14SpB7h2S5JJUK+eo/aPo1tXn7BoLiF4O5g05+McyUOdE HI9ibolUfv+HoZlCDC93MBJvopWgd1/oqReHML5n2GXPBESYXpRstL04qwaRqu9g AvofhX88EwHefTXmljVTL4W1KgMJuhhPxVLdimxoqd0/hjagZtA7B7R05khigC5k nHMFoRogSPjI9H4vI2raYaOqC26zmrZNbk/CRVhuUbtDOG9qy9okjc+6KM9RcbXC ha++EhrGXPjCg5SwrQAZ50nW3Jwif2WpSeULfTrqHr2E8nHGUCHDMMtdDwegFH/X FK0dVaNPgrayw1Dji+fhBQz3qR7pl/1DK+gsLtREafxY0+AxZ57kCi51CykT/dLs eC4bOPaoho91KuLFrT+X/AyAASS/00VuroFJB4sWQUvEpBCnWPUW1m3NvjsyoYuj 0wmQMVM5Bb/aYuWAM+/V9MeoklmtIn+OPAXqsVvLxdbB0GScwJV86/NvsN6Nde6c twImfMCK1V75FPrIsxx37M52AYWvALgXbWoVi4aQPyPeDerQdgUPL1FzTGzem0NQ PnXhuE27H/pJz79DosW8md0RFr+tfPgZ8CeTirXSUUXFiqhcXR/w1lqN2vlmfm8V dmwgzvu9A7ZhG++JRqbbMx2D+NS4coGgRdA7XPuRrdNKniRIDhQ= =pN/j -----END PGP SIGNATURE----- . Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor 3. Solution: For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1813344 - CVE-2020-7598 nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload 1979134 - Placeholder bug for OCP 4.6.0 extras release 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: libwebp security update Advisory ID: RHSA-2021:2260-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:2260 Issue date: 2021-06-07 CVE Names: CVE-2018-25011 CVE-2020-36328 CVE-2020-36329 ===================================================================== 1. Summary: An update for libwebp is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux Client (v. 7): Source: libwebp-0.3.0-10.el7_9.src.rpm x86_64: libwebp-0.3.0-10.el7_9.i686.rpm libwebp-0.3.0-10.el7_9.x86_64.rpm libwebp-debuginfo-0.3.0-10.el7_9.i686.rpm libwebp-debuginfo-0.3.0-10.el7_9.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: libwebp-debuginfo-0.3.0-10.el7_9.i686.rpm libwebp-debuginfo-0.3.0-10.el7_9.x86_64.rpm libwebp-devel-0.3.0-10.el7_9.i686.rpm libwebp-devel-0.3.0-10.el7_9.x86_64.rpm libwebp-java-0.3.0-10.el7_9.x86_64.rpm libwebp-tools-0.3.0-10.el7_9.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: libwebp-0.3.0-10.el7_9.src.rpm x86_64: libwebp-0.3.0-10.el7_9.i686.rpm libwebp-0.3.0-10.el7_9.x86_64.rpm libwebp-debuginfo-0.3.0-10.el7_9.i686.rpm libwebp-debuginfo-0.3.0-10.el7_9.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: libwebp-debuginfo-0.3.0-10.el7_9.i686.rpm libwebp-debuginfo-0.3.0-10.el7_9.x86_64.rpm libwebp-devel-0.3.0-10.el7_9.i686.rpm libwebp-devel-0.3.0-10.el7_9.x86_64.rpm libwebp-java-0.3.0-10.el7_9.x86_64.rpm libwebp-tools-0.3.0-10.el7_9.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: libwebp-0.3.0-10.el7_9.src.rpm ppc64: libwebp-0.3.0-10.el7_9.ppc.rpm libwebp-0.3.0-10.el7_9.ppc64.rpm libwebp-debuginfo-0.3.0-10.el7_9.ppc.rpm libwebp-debuginfo-0.3.0-10.el7_9.ppc64.rpm ppc64le: libwebp-0.3.0-10.el7_9.ppc64le.rpm libwebp-debuginfo-0.3.0-10.el7_9.ppc64le.rpm s390x: libwebp-0.3.0-10.el7_9.s390.rpm libwebp-0.3.0-10.el7_9.s390x.rpm libwebp-debuginfo-0.3.0-10.el7_9.s390.rpm libwebp-debuginfo-0.3.0-10.el7_9.s390x.rpm x86_64: libwebp-0.3.0-10.el7_9.i686.rpm libwebp-0.3.0-10.el7_9.x86_64.rpm libwebp-debuginfo-0.3.0-10.el7_9.i686.rpm libwebp-debuginfo-0.3.0-10.el7_9.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: libwebp-debuginfo-0.3.0-10.el7_9.ppc.rpm libwebp-debuginfo-0.3.0-10.el7_9.ppc64.rpm libwebp-devel-0.3.0-10.el7_9.ppc.rpm libwebp-devel-0.3.0-10.el7_9.ppc64.rpm libwebp-java-0.3.0-10.el7_9.ppc64.rpm libwebp-tools-0.3.0-10.el7_9.ppc64.rpm ppc64le: libwebp-debuginfo-0.3.0-10.el7_9.ppc64le.rpm libwebp-devel-0.3.0-10.el7_9.ppc64le.rpm libwebp-java-0.3.0-10.el7_9.ppc64le.rpm libwebp-tools-0.3.0-10.el7_9.ppc64le.rpm s390x: libwebp-debuginfo-0.3.0-10.el7_9.s390.rpm libwebp-debuginfo-0.3.0-10.el7_9.s390x.rpm libwebp-devel-0.3.0-10.el7_9.s390.rpm libwebp-devel-0.3.0-10.el7_9.s390x.rpm libwebp-java-0.3.0-10.el7_9.s390x.rpm libwebp-tools-0.3.0-10.el7_9.s390x.rpm x86_64: libwebp-debuginfo-0.3.0-10.el7_9.i686.rpm libwebp-debuginfo-0.3.0-10.el7_9.x86_64.rpm libwebp-devel-0.3.0-10.el7_9.i686.rpm libwebp-devel-0.3.0-10.el7_9.x86_64.rpm libwebp-java-0.3.0-10.el7_9.x86_64.rpm libwebp-tools-0.3.0-10.el7_9.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: libwebp-0.3.0-10.el7_9.src.rpm x86_64: libwebp-0.3.0-10.el7_9.i686.rpm libwebp-0.3.0-10.el7_9.x86_64.rpm libwebp-debuginfo-0.3.0-10.el7_9.i686.rpm libwebp-debuginfo-0.3.0-10.el7_9.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: libwebp-debuginfo-0.3.0-10.el7_9.i686.rpm libwebp-debuginfo-0.3.0-10.el7_9.x86_64.rpm libwebp-devel-0.3.0-10.el7_9.i686.rpm libwebp-devel-0.3.0-10.el7_9.x86_64.rpm libwebp-java-0.3.0-10.el7_9.x86_64.rpm libwebp-tools-0.3.0-10.el7_9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-25011 https://access.redhat.com/security/cve/CVE-2020-36328 https://access.redhat.com/security/cve/CVE-2020-36329 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYL4OxtzjgjWX9erEAQi1Yw//ZajpWKH7bKTBXifw2DXrc61fOReKCwR9 sQ/djSkMMo+hwhFNtqq9zHDmI81tuOzBRgzA0FzA6qeNZGzsJmNX/RrNgnep9um7 X08Dvb6+5VuHWBrrBv26wV5wGq/t2VKgGXSoJi6CDDDRlLn/RiAJzuZqhdhp3Ijn xBHIDIEYoNTYoDvbvZUVhY1kRKJ2sr3UxjcWPqDCNZdu51Z8ssW5up/Uh3NaY8yv iB7PIoIHrtBD0nGQcy5h4qE47wFbe9RdLTOaqGDAGaOrHWWT56eC72YnCYKMxO4K 8X9EXjhEmmH4a4Pl4dND7D1wiiOQe5kSA8IhYdgHVZQyo9WBJTD6g6C5IERwwjat s3Z7vhzA+/cLEo8+Jc5orRGoLArU5rOl4uqh64AEPaON9UB8bMOnqm24y+Ebyi0B S+zZ2kQ1FGeQIMnrjAer3OUcVnf26e6qNWBK+HCjdfmbhgtZxTtXyOKcM4lSFVcm LY8pLMWzZpcSCpYh15YtRRCWr4bJyX1UD8V3l2Zzek9zmFq5ogVX78KBYV3c4oWn ReVMDEpXb3bYoV/EsMk7WOaDBKM1eU2OjVp2e7r2Fnt8GESxSpZ1pKegkxXdPnmX EmPhXKZNnwh4Z4Aw2AYIsQVo9QTyvCnZjfjAy9WfIqbyg8OTGJOeQqQLlKsq6ddb YXjUcIgJv2g= =kWSg -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 7) - noarch 3. Description: The Qt Image Formats in an add-on module for the core Qt Gui library that provides support for additional image formats including MNG, TGA, TIFF, WBMP, and WebP. 8) - aarch64, ppc64le, s390x, x86_64 3
var-201904-0745 Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of FrameView objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. tvOS is a smart TV operating system. Safari is a web browser developed as the default browser included with MacOSX and iOS operating systems. WebKit is one of the web browser engine components. A security vulnerability exists in the WebKit component of several Apple products. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201808-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: WebkitGTK+: Multiple vulnerabilities Date: August 22, 2018 Bugs: #652820, #658168, #662974 ID: 201808-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in WebKitGTK+, the worst of which may lead to arbitrary code execution. Background ========== WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-libs/webkit-gtk < 2.20.4 >= 2.20.4 Description =========== Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All WebkitGTK+ users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.20.4" References ========== [ 1 ] CVE-2018-11646 https://nvd.nist.gov/vuln/detail/CVE-2018-11646 [ 2 ] CVE-2018-11712 https://nvd.nist.gov/vuln/detail/CVE-2018-11712 [ 3 ] CVE-2018-11713 https://nvd.nist.gov/vuln/detail/CVE-2018-11713 [ 4 ] CVE-2018-12293 https://nvd.nist.gov/vuln/detail/CVE-2018-12293 [ 5 ] CVE-2018-12294 https://nvd.nist.gov/vuln/detail/CVE-2018-12294 [ 6 ] CVE-2018-4101 https://nvd.nist.gov/vuln/detail/CVE-2018-4101 [ 7 ] CVE-2018-4113 https://nvd.nist.gov/vuln/detail/CVE-2018-4113 [ 8 ] CVE-2018-4114 https://nvd.nist.gov/vuln/detail/CVE-2018-4114 [ 9 ] CVE-2018-4117 https://nvd.nist.gov/vuln/detail/CVE-2018-4117 [ 10 ] CVE-2018-4118 https://nvd.nist.gov/vuln/detail/CVE-2018-4118 [ 11 ] CVE-2018-4119 https://nvd.nist.gov/vuln/detail/CVE-2018-4119 [ 12 ] CVE-2018-4120 https://nvd.nist.gov/vuln/detail/CVE-2018-4120 [ 13 ] CVE-2018-4121 https://nvd.nist.gov/vuln/detail/CVE-2018-4121 [ 14 ] CVE-2018-4122 https://nvd.nist.gov/vuln/detail/CVE-2018-4122 [ 15 ] CVE-2018-4125 https://nvd.nist.gov/vuln/detail/CVE-2018-4125 [ 16 ] CVE-2018-4127 https://nvd.nist.gov/vuln/detail/CVE-2018-4127 [ 17 ] CVE-2018-4128 https://nvd.nist.gov/vuln/detail/CVE-2018-4128 [ 18 ] CVE-2018-4129 https://nvd.nist.gov/vuln/detail/CVE-2018-4129 [ 19 ] CVE-2018-4133 https://nvd.nist.gov/vuln/detail/CVE-2018-4133 [ 20 ] CVE-2018-4146 https://nvd.nist.gov/vuln/detail/CVE-2018-4146 [ 21 ] CVE-2018-4162 https://nvd.nist.gov/vuln/detail/CVE-2018-4162 [ 22 ] CVE-2018-4163 https://nvd.nist.gov/vuln/detail/CVE-2018-4163 [ 23 ] CVE-2018-4165 https://nvd.nist.gov/vuln/detail/CVE-2018-4165 [ 24 ] CVE-2018-4190 https://nvd.nist.gov/vuln/detail/CVE-2018-4190 [ 25 ] CVE-2018-4192 https://nvd.nist.gov/vuln/detail/CVE-2018-4192 [ 26 ] CVE-2018-4199 https://nvd.nist.gov/vuln/detail/CVE-2018-4199 [ 27 ] CVE-2018-4200 https://nvd.nist.gov/vuln/detail/CVE-2018-4200 [ 28 ] CVE-2018-4201 https://nvd.nist.gov/vuln/detail/CVE-2018-4201 [ 29 ] CVE-2018-4204 https://nvd.nist.gov/vuln/detail/CVE-2018-4204 [ 30 ] CVE-2018-4214 https://nvd.nist.gov/vuln/detail/CVE-2018-4214 [ 31 ] CVE-2018-4218 https://nvd.nist.gov/vuln/detail/CVE-2018-4218 [ 32 ] CVE-2018-4222 https://nvd.nist.gov/vuln/detail/CVE-2018-4222 [ 33 ] CVE-2018-4232 https://nvd.nist.gov/vuln/detail/CVE-2018-4232 [ 34 ] CVE-2018-4233 https://nvd.nist.gov/vuln/detail/CVE-2018-4233 [ 35 ] CVE-2018-4261 https://nvd.nist.gov/vuln/detail/CVE-2018-4261 [ 36 ] CVE-2018-4262 https://nvd.nist.gov/vuln/detail/CVE-2018-4262 [ 37 ] CVE-2018-4263 https://nvd.nist.gov/vuln/detail/CVE-2018-4263 [ 38 ] CVE-2018-4264 https://nvd.nist.gov/vuln/detail/CVE-2018-4264 [ 39 ] CVE-2018-4265 https://nvd.nist.gov/vuln/detail/CVE-2018-4265 [ 40 ] CVE-2018-4266 https://nvd.nist.gov/vuln/detail/CVE-2018-4266 [ 41 ] CVE-2018-4267 https://nvd.nist.gov/vuln/detail/CVE-2018-4267 [ 42 ] CVE-2018-4270 https://nvd.nist.gov/vuln/detail/CVE-2018-4270 [ 43 ] CVE-2018-4272 https://nvd.nist.gov/vuln/detail/CVE-2018-4272 [ 44 ] CVE-2018-4273 https://nvd.nist.gov/vuln/detail/CVE-2018-4273 [ 45 ] CVE-2018-4278 https://nvd.nist.gov/vuln/detail/CVE-2018-4278 [ 46 ] CVE-2018-4284 https://nvd.nist.gov/vuln/detail/CVE-2018-4284 [ 47 ] WebKitGTK+ Security Advisory WSA-2018-0003 https://webkitgtk.org/security/WSA-2018-0003.html [ 48 ] WebKitGTK+ Security Advisory WSA-2018-0004 https://webkitgtk.org/security/WSA-2018-0004.html [ 49 ] WebKitGTK+ Security Advisory WSA-2018-0005 https://webkitgtk.org/security/WSA-2018-0005.html [ 50 ] WebKitGTK+ Security Advisory WSA-2018-0006 https://webkitgtk.org/security/WSA-2018-0006.html Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201808-04 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2018 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-7-9-1 iOS 11.4.1 iOS 11.4.1 is now available and addresses the following: CFNetwork Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Cookies may unexpectedly persist in Safari Description: A cookie management issue was addressed with improved checks. CVE-2018-4293: an anonymous researcher Emoji Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing an emoji under certain configurations may lead to a denial of service Description: A denial of service issue was addressed with improved memory handling. CVE-2018-4290: Patrick Wardle of Digita Security Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to read kernel memory Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. CVE-2018-4282: Proteas of Qihoo 360 Nirvan Team libxpc Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4280: Brandon Azad libxpc Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2018-4248: Brandon Azad LinkPresentation Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Visiting a malicious website may lead to address bar spoofing Description: A spoofing issue existed in the handling of URLs. CVE-2018-4277: xisigr of Tencent's Xuanwu Lab (tencent.com) WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious website may exfiltrate audio data cross-origin Description: Sound fetched through audio elements may be exfiltrated cross-origin. CVE-2018-4278: Jun Kokatsu (@shhnjk) WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious website may be able to cause a denial of service Description: A race condition was addressed with additional validation. CVE-2018-4266: found by OSS-Fuzz WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Visiting a malicious website may lead to address bar spoofing Description: A spoofing issue existed in the handling of URLs. CVE-2018-4274: an anonymous researcher WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4270: found by OSS-Fuzz WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. CVE-2018-4284: Found by OSS-Fuzz WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4271: found by OSS-Fuzz CVE-2018-4273: found by OSS-Fuzz WebKit Page Loading Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2018-4260: xisigr of Tencent's Xuanwu Lab (tencent.com) Wi-Fi Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to break out of its sandbox Description: A memory corruption issue was addressed with improved memory handling. Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 11.4.1". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEfcwwPWJ3e0Ig26mf8ecVjteJiCYFAltDyFEpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQ8ecVjteJiCaYqQ/+ LoOw2Hgwr9l7EplQS1O9t9ssVvjaQ25JhxeAkEHhrrLTTpEHNOYhBgPj3XV3DkNT QR1XDKykgVXq1jAMqy2CzpVvb0bWrhAZte7lwLwTKiSdzWzY99LspMtck0uZXg5y qoePuHIifMF5oMzRsLq2IDKj7sDJ3mEOjOGizfJ5BRdFOZPKmuTLK/LnafzoqlOY XAYMj3puFWnlMs1ewTTbup5Oh0totisA7WlpDleG+a/IborfXe89nvUIAEyPH3UF jbPXGlIrB+aofMmoxgbJ7YDXm+7RZbRShrqS3IIwbuVWlWxi8M6AYvlFCAxKc3In R3Bum13NIR8ZTfLARmrRos54kzmygazCHK0yIkeKvJW3uSFIOUbBtkKQ8EpE8og9 KzNvxyMd5Le6kCJe8JECl6jrfnY7QrYBIPxowXymfcRyYpnpIidYHUPlej8OZYnT fH8lWsE09CikZjBLyKmM6NJ4Y24CAmILyJWTmrM+pM9jLN9InWxTr0raY+MiULnI MZgqDuP+wMKfcGGngOkDnmm84w4RSnwK7bRgVtCWV99rnqZvzDgoYhJXDyXXuPqL P0HN+TKdCJ7e+C4boqDup2Ojz7YhFXfCwkJ1fHLD+L+Aj46eLbuu9936vGgvAzQI 7aT98URG/GMffZ3Y53yDJZxHDTnFQ5/tOlNBv8LKJDA= =mzJ2 -----END PGP SIGNATURE----- . ------------------------------------------------------------------------ WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0006 ------------------------------------------------------------------------ Date reported : August 07, 2018 Advisory ID : WSA-2018-0006 WebKitGTK+ Advisory URL : https://webkitgtk.org/security/WSA-2018-0006.html WPE WebKit Advisory URL : https://wpewebkit.org/security/WSA-2018-0006.html CVE identifiers : CVE-2018-4246, CVE-2018-4261, CVE-2018-4262, CVE-2018-4263, CVE-2018-4264, CVE-2018-4265, CVE-2018-4266, CVE-2018-4267, CVE-2018-4270, CVE-2018-4271, CVE-2018-4272, CVE-2018-4273, CVE-2018-4278, CVE-2018-4284, CVE-2018-12911. Several vulnerabilities were discovered in WebKitGTK+ and WPE WebKit. CVE-2018-4246 Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.1. Credit to OSS-Fuzz. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4261 Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2. Credit to Omair working with Trend Micro's Zero Day Initiative. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4262 Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2. Credit to Mateusz Krzywicki working with Trend Micro's Zero Day Initiative. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4263 Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2. Credit to Arayz working with Trend Micro's Zero Day Initiative. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4264 Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2. Credit to OSS-Fuzz, Yu Zhou and Jundong Xie of Ant-financial Light- Year Security Lab. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4265 Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2. Credit to cc working with Trend Micro's Zero Day Initiative. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4266 Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2. Credit to OSS-Fuzz. A malicious website may be able to cause a denial of service. A race condition was addressed with additional validation. CVE-2018-4267 Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2. Credit to Arayz of Pangu team working with Trend Micro's Zero Day Initiative. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4270 Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2. Credit to OSS-Fuzz. Processing maliciously crafted web content may lead to an unexpected application crash. CVE-2018-4271 Versions affected: WebKitGTK+ before 2.20.2. Credit to OSS-Fuzz. Processing maliciously crafted web content may lead to an unexpected application crash. CVE-2018-4272 Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2. Credit to OSS-Fuzz. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4273 Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2. Credit to OSS-Fuzz. Processing maliciously crafted web content may lead to an unexpected application crash. CVE-2018-4278 Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2. Credit to Jun Kokatsu (@shhnjk). A malicious website may exfiltrate audio data cross-origin. Sound fetched through audio elements may be exfiltrated cross-origin. CVE-2018-4284 Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2. Credit to OSS-Fuzz. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-12911 Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2. Credit to Yu Haiwan. Processing maliciously crafted web content may lead to arbitrary code execution. We recommend updating to the latest stable versions of WebKitGTK+ and WPE WebKit. It is the best way to ensure that you are running safe versions of WebKit. Please check our websites for information about the latest stable releases. Further information about WebKitGTK+ and WPE WebKit security advisories can be found at: https://webkitgtk.org/security.html or https://wpewebkit.org/security/. The WebKitGTK+ and WPE WebKit team, August 07, 2018 . CVE-2018-4260: xisigr of Tencent's Xuanwu Lab (tencent.com) Installation note: Safari 11.1.2 may be obtained from the Mac App Store
var-200501-0287 Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls. Apple Mac OS X with Bluetooth support may unintentionally allow files to be exchanged with other systems by default. Apple Mac OS X Directory Service utilities use external programs insecurely, potentially allowing an attacker to execute arbitrary code. Multiple integer overflows in the LibTIFF library may allow an attacker to execute arbitrary code. Multiple integer overflows in the LibTIFF library may allow an attacker to execute arbitrary code. LibTIFF is affected by multiple buffer-overflow vulnerabilities because the software fails to properly perform boundary checks before copying user-supplied strings into finite process buffers. An attacker may leverage these issues to execute arbitrary code on a vulnerable computer with the privileges of the user running a vulnerable application, facilitating unauthorized access. The attacker may also leverage these issues to crash the affected application. libtiff is an application library responsible for encoding/decoding the TIFF image format. Impacts of other vulnerabilities addressed by the update include disclosure of information and denial of service. I. Description Apple Security Update 2005-005 resolves a number of vulnerabilities affecting Mac OS X and OS X Server. (CAN-2004-0594) Please note that Apple Security Update 2005-005 addresses additional vulnerabilities not described above. As further information becomes available, we will publish individual Vulnerability Notes. II. Impact The impacts of these vulnerabilities vary, for information about specific impacts please see the Vulnerability Notes. Potential consequences include remote execution of arbitrary code or commands, disclosure of sensitive information, and denial of service. III. Solution Install an Update Install the update as described in Apple Security Update 2005-005. Appendix A. References * US-CERT Vulnerability Note VU#582934 - <http://www.kb.cert.org/vuls/id/582934> * US-CERT Vulnerability Note VU#258390 - <http://www.kb.cert.org/vuls/id/258390> * US-CERT Vulnerability Note VU#331694 - <http://www.kb.cert.org/vuls/id/331694> * US-CERT Vulnerability Note VU#706838 - <http://www.kb.cert.org/vuls/id/706838> * US-CERT Vulnerability Note VU#539110 - <http://www.kb.cert.org/vuls/id/539110> * US-CERT Vulnerability Note VU#354486 - <http://www.kb.cert.org/vuls/id/354486> * US-CERT Vulnerability Note VU#882750 - <http://www.kb.cert.org/vuls/id/882750> * US-CERT Vulnerability Note VU#537878 - <http://www.kb.cert.org/vuls/id/537878> * US-CERT Vulnerability Note VU#125598 - <http://www.kb.cert.org/vuls/id/125598> * US-CERT Vulnerability Note VU#356070 - <http://www.kb.cert.org/vuls/id/356070> * Apple Security Update 2005-005 - <http://docs.info.apple.com/article.html?artnum=301528> _________________________________________________________________ These vulnerabilities were discovered by several people and reported in Apple Security Update 2005-005. Please see the Vulnerability Notes for individual reporter acknowledgements. _________________________________________________________________ Feedback can be directed to the authors: Jeffrey Gennari and Jason Rafail. _________________________________________________________________ Copyright 2005 Carnegie Mellon University. Terms of use Revision History May 16, 2005: Initial release Last updated May 16, 2005 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBQojwRBhoSezw4YfQAQKb1gf/a7XQAZQR+t5+FpzRoUrJyVIg3Mf1IISP yS5GLgfwC+4GuDEd/BA51+591OhNAWa1hO2JAUQwJ799VL7vAY6vbDW84c+S0eQ+ J+FHgddUsuvRtmsXCg2Fin1JRG4hCqBQ9q2S0h4+fM7yWSdLOY7xeAAwPOwG+bsU AVjDMNiPACHxw7CNQ8qpPXFfo3qrV+oj55F62TbR0fujtil6yQR3lE9wSeiuLs/i KgQFZlHMEoAwQnghwLk7eQLkzGD9eAZ+pZ7Ny0AvF7avhGflh2nFNe2acFoJ2Iw7 /gMXj/uN/ZpDssS37y38LIvyA3kIQrSlEW7iKf1wi2eQ3ntjyv/9NA== =uqBU -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 567-1 security@debian.org http://www.debian.org/security/ Martin Schulze October 15th, 2004 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : tiff Vulnerability : heap overflows Problem-Type : remote Debian-specific: no CVE ID : CAN-2004-0803 CAN-2004-0804 CAN-2004-0886 Several problems have been discovered in libtiff, the Tag Image File Format library for processing TIFF graphics files. The Common Vulnerabilities and Exposures Project has identified the following problems: CAN-2004-0803 Chris Evans discovered several problems in the RLE (run length encoding) decoders that could lead to arbitrary code execution. CAN-2004-0804 Matthias Clasen discovered a division by zero through an integer overflow. CAN-2004-0886 Dmitry V. For the stable distribution (woody) these problems have been fixed in version 3.5.5-6woody1. For the unstable distribution (sid) these problems have been fixed in version 3.6.1-2. We recommend that you upgrade your libtiff package. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5-6woody1.dsc Size/MD5 checksum: 635 11a374e916d818c05a373feb04cab6a0 http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5-6woody1.diff.gz Size/MD5 checksum: 36717 6f4d137f7c935d57757313a610dbd389 http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5.orig.tar.gz Size/MD5 checksum: 693641 3b7199ba793dec6ca88f38bb0c8cc4d8 Alpha architecture: http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_alpha.deb Size/MD5 checksum: 141424 18b6e6b621178c1419de8a13a0a62366 http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_alpha.deb Size/MD5 checksum: 105148 875257fb73ba05a575d06650c130a545 http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_alpha.deb Size/MD5 checksum: 423194 9796f3e82553cedb237f1b574570f143 ARM architecture: http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_arm.deb Size/MD5 checksum: 116928 5ed91b9586d830e8da9a5086fc5a6e76 http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_arm.deb Size/MD5 checksum: 90466 f04c381a418fd33602d1ba30158597d3 http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_arm.deb Size/MD5 checksum: 404262 30f13bfdf54cfca30ee5ca0f6c6d0e4e Intel IA-32 architecture: http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_i386.deb Size/MD5 checksum: 112068 d15dfdf84f010be08799d456726e1d9d http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_i386.deb Size/MD5 checksum: 81054 293f5c99f0a589917257ec7fee0b92fe http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_i386.deb Size/MD5 checksum: 387052 9606adb1668decf5ac1ee02a94298e85 Intel IA-64 architecture: http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_ia64.deb Size/MD5 checksum: 158774 80c1b7ad68ecc78091ea95414125e81c http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_ia64.deb Size/MD5 checksum: 135386 b17f87aa0ad98fc50aa8c137a6f5089c http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_ia64.deb Size/MD5 checksum: 446496 757f3b6cc9d3f1ec5a2dfb1c3485caf3 HP Precision architecture: http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_hppa.deb Size/MD5 checksum: 128298 46dece015f0282bca0af7f6e740e9d31 http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_hppa.deb Size/MD5 checksum: 106788 b837005b41c54c341cbd61e8fdb581ff http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_hppa.deb Size/MD5 checksum: 420346 3a2b91ee22af99eec3ab42d81cf9d59f Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_m68k.deb Size/MD5 checksum: 107302 0c702a3e5c2ad7ad7bd96dae64fa2d61 http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_m68k.deb Size/MD5 checksum: 79770 d67f4347d35bf898a6ab1914cb53a42f http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_m68k.deb Size/MD5 checksum: 380218 42e6f07cf2e70de01ca40ac4a97254bf Big endian MIPS architecture: http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_mips.deb Size/MD5 checksum: 124048 85d8c8cbb62cc62c876bf4ed721027cf http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_mips.deb Size/MD5 checksum: 87840 5f3312f22b0f345c7eae434f5b871993 http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_mips.deb Size/MD5 checksum: 410770 be817ddffa91c423b55fda3388d7ce48 Little endian MIPS architecture: http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_mipsel.deb Size/MD5 checksum: 123558 42594e9270de16ff802c11eccf7a0efb http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_mipsel.deb Size/MD5 checksum: 88198 a8f0abe9205431caf94dce77d11ac477 http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_mipsel.deb Size/MD5 checksum: 410860 68a12ef6d37fc575105c4ceb9b766949 PowerPC architecture: http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_powerpc.deb Size/MD5 checksum: 116042 2258da94549ae05ffae643bc40790487 http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_powerpc.deb Size/MD5 checksum: 89424 c8d782561a299ffb65ea84b59d88117a http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_powerpc.deb Size/MD5 checksum: 402372 1eca24adda52b40c7a8d789fdeb3cb2e IBM S/390 architecture: http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_s390.deb Size/MD5 checksum: 116870 dcddc86a0d96296c07076391adc9d754 http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_s390.deb Size/MD5 checksum: 91742 40c1de704b191e4abb65af8a4b7fd75d http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_s390.deb Size/MD5 checksum: 395332 86d351b75f1f146ddad6d562ca77005c Sun Sparc architecture: http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_sparc.deb Size/MD5 checksum: 132888 9ed9db78d727ba8bfbb25c1e68b03bf2 http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_sparc.deb Size/MD5 checksum: 88556 a4069600bd9295a27d4eb6e9e0995495 http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_sparc.deb Size/MD5 checksum: 397026 149e12055c5711129552fa938b5af431 These files will probably be moved into the stable distribution on its next update. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c00600177 Version: 1 HPSBUX02119 SSRT4848 rev.1 - HP-UX Running Motif Applications Remote Arbitrary Code Execution, Denial of Service (DoS) NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. References: CERT VU#537878, VU#882750 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.00, B.11.11, B.11.23 running Motif applications. BACKGROUND Potential vulnerabilities have been reported with the handling of XPixMap format data: http://www.kb.cert.org/vuls/id/882750 http://www.kb.cert.org/vuls/id/537878 AFFECTED VERSIONS HP-UX B.11.00 ============= X11.MOTIF-SHLIB action: install PHSS_33129 or subsequent HP-UX B.11.11 ============= X11.MOTIF-SHLIB action: install PHSS_33130 or subsequent HP-UX B.11.23 ============= X11.MOTIF-SHLIB action: install PHSS_33132 or subsequent RESOLUTION HP has made the following patches available to resolve the issue. The patches can be downloaded from http://itrc.hp.com HP-UX B.11.00 PHSS_33129 or subsequent HP-UX B.11.11 PHSS_33130 or subsequent HP-UX B.11.23 PHSS_33132 or subsequent MANUAL ACTIONS: No PRODUCT SPECIFIC INFORMATION HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. For more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA HISTORY Version:1 (rev.1) 17 May 2006 Initial release Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com. It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA& langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do * The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: GN = HP General SW, MA = HP Management Agents, MI = Misc. 3rd party SW, MP = HP MPE/iX, NS = HP NonStop Servers, OV = HP OpenVMS, PI = HP Printing & Imaging, ST = HP Storage SW, TL = HP Trusted Linux, TU = HP Tru64 UNIX, UX = HP-UX, VV = HP Virtual Vault System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." (c)Copyright 2006 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners
var-202010-1511 A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution. Apple Safari is a web browser of Apple (Apple), the default browser included with Mac OS X and iOS operating systems. A resource management error vulnerability exists in Apple Safari. The vulnerability originates from the aboutBlankURL() function of the WebKit component in Apple Safari. Bugs fixed (https://bugzilla.redhat.com/): 1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve 1945703 - "Guest OS Info" availability in VMI describe is flaky 1958816 - [2.6.z] KubeMacPool fails to start due to OOM likely caused by a high number of Pods running in the cluster 1963275 - migration controller null pointer dereference 1965099 - Live Migration double handoff to virt-handler causes connection failures 1965181 - CDI importer doesn't report AwaitingVDDK like it used to 1967086 - Cloning DataVolumes between namespaces fails while creating cdi-upload pod 1967887 - [2.6.6] nmstate is not progressing on a node and not configuring vlan filtering that causes an outage for VMs 1969756 - Windows VMs fail to start on air-gapped environments 1970372 - Virt-handler fails to verify container-disk 1973227 - segfault in virt-controller during pdb deletion 1974084 - 2.6.6 containers 1975212 - No Virtual Machine Templates Found [EDIT - all templates are marked as depracted] 1975727 - [Regression][VMIO][Warm] The third precopy does not end in warm migration 1977756 - [2.6.z] PVC keeps in pending when using hostpath-provisioner 1982760 - [v2v] no kind VirtualMachine is registered for version \"kubevirt.io/v1\" i... 1986989 - OpenShift Virtualization 2.6.z cannot be upgraded to 4.8.0 initially deployed starting with <= 4.8 5. 8) - aarch64, ppc64le, s390x, x86_64 3. The following packages have been upgraded to a later upstream version: accountsservice (0.6.55), webkit2gtk3 (2.30.4). Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section. Bugs fixed (https://bugzilla.redhat.com/): 837035 - Shortcuts -- alfanumeric vs numpad 1152037 - RFE: use virtio-scsi disk bus with discard='unmap' for guests that support it 1464902 - Crash in dls_async_task_complete 1671761 - Adding new workspaces is broken in gnome session under wayland 1700002 - adding several printers is stalling the printer plugin in GSD 1705392 - Changing screen resolution while recording screen will break the video. 1728632 - CVE-2019-13012 glib2: insecure permissions for files and directories 1728896 - glib2: 'keyfile' backend for gsettings not loaded 1765627 - Can't install both gnome-online-accounts-devel.i686 and gnome-online-accounts-devel.x86_64 on RHEL 8.1 1786496 - gnome-shell killed by SIGABRT in g_assertion_message_expr.cold.16() 1796916 - Notification appears with incorrect "system not registered - register to get updates" message on RHEL8.2 when locale is non-English 1802105 - rpm based extensions in RHEL8 should not receive updates from extensions.gnome.org 1833787 - Unable to disable onscreen keyboard in touch screen machine 1842229 - double-touch desktop icons fails sometimes 1845660 - JS WARNING from gnome-shell [MetaWindowX11] 1846376 - rebase accountsservice to latest release 1854290 - Physical device fails to wakeup via org.gnome.ScreenSaver D-Bus API 1860946 - gnome-shell logs AuthList property defined with 'let' or 'const' 1861357 - Login shows Exclamation Sign with no message for Caps Lock on 1861769 - Authentication fails when Wayland is enabled along with polyinstantiation of /tmp 1865718 - Right click menu is not translated into Japanese when desktop-icons extension is enabled 1870837 - gnome control-center and settings-daemon don't handle systems that are registered but have no attached entitlements properly 1871041 - on screen keyboard (OSK) does not disappear completely, part of OSK remains on the screen 1876291 - [ALL LANG] Unlocalized strings in About -> Register System. 1881312 - [Bug] gnome-shell errors in syslog 1883304 - Rebase to WebKitGTK 2.30 1883868 - [RFE] Dump JS stack trace by default when gnome-shell crashes 1886822 - License differs from actual 1888407 - Flatpak updates and removals get confused if same ref occurs in multiple remotes 1889411 - self-signed cert in owncloud: HTTP Error: Unacceptable TLS certificate 1889528 - [8.4] Right GLX stereo texture is potentially leaked for each closed window 1901212 - CVE-2020-13584 webkitgtk: use-after-free may lead to arbitrary code execution 1901214 - CVE-2020-9948 webkitgtk: type confusion may lead to arbitrary code execution 1901216 - CVE-2020-9951 webkitgtk: use-after-free may lead to arbitrary code execution 1901221 - CVE-2020-9983 webkitgtk: out-of-bounds write may lead to code execution 1903043 - gnome-control-center SEGFAULT at ../panels/printers/pp-printer-entry.c:280 1903568 - CVE-2020-13543 webkitgtk: use-after-free may lead to arbitrary code execution 1906499 - Nautilus creates invalid bookmarks for Samba shares 1918391 - gdm isn't killing the login screen on login after all 1919429 - Ship libdazzle-devel in CRB 1919432 - Ship libepubgen-devel in CRB 1919435 - Ship woff2-devel in CRB 1919467 - Mutter: mouse click doesn't work when using 10-bit graphic monitor 1921151 - [nvidia Ampere] stutters when using nouveau with llvmpipe 6. 8): Source: gamin-0.1.10-32.el8.src.rpm glib2-2.56.4-9.el8.src.rpm aarch64: gamin-0.1.10-32.el8.aarch64.rpm gamin-debuginfo-0.1.10-32.el8.aarch64.rpm gamin-debugsource-0.1.10-32.el8.aarch64.rpm glib2-2.56.4-9.el8.aarch64.rpm glib2-debuginfo-2.56.4-9.el8.aarch64.rpm glib2-debugsource-2.56.4-9.el8.aarch64.rpm glib2-devel-2.56.4-9.el8.aarch64.rpm glib2-devel-debuginfo-2.56.4-9.el8.aarch64.rpm glib2-fam-2.56.4-9.el8.aarch64.rpm glib2-fam-debuginfo-2.56.4-9.el8.aarch64.rpm glib2-tests-2.56.4-9.el8.aarch64.rpm glib2-tests-debuginfo-2.56.4-9.el8.aarch64.rpm ppc64le: gamin-0.1.10-32.el8.ppc64le.rpm gamin-debuginfo-0.1.10-32.el8.ppc64le.rpm gamin-debugsource-0.1.10-32.el8.ppc64le.rpm glib2-2.56.4-9.el8.ppc64le.rpm glib2-debuginfo-2.56.4-9.el8.ppc64le.rpm glib2-debugsource-2.56.4-9.el8.ppc64le.rpm glib2-devel-2.56.4-9.el8.ppc64le.rpm glib2-devel-debuginfo-2.56.4-9.el8.ppc64le.rpm glib2-fam-2.56.4-9.el8.ppc64le.rpm glib2-fam-debuginfo-2.56.4-9.el8.ppc64le.rpm glib2-tests-2.56.4-9.el8.ppc64le.rpm glib2-tests-debuginfo-2.56.4-9.el8.ppc64le.rpm s390x: gamin-0.1.10-32.el8.s390x.rpm gamin-debuginfo-0.1.10-32.el8.s390x.rpm gamin-debugsource-0.1.10-32.el8.s390x.rpm glib2-2.56.4-9.el8.s390x.rpm glib2-debuginfo-2.56.4-9.el8.s390x.rpm glib2-debugsource-2.56.4-9.el8.s390x.rpm glib2-devel-2.56.4-9.el8.s390x.rpm glib2-devel-debuginfo-2.56.4-9.el8.s390x.rpm glib2-fam-2.56.4-9.el8.s390x.rpm glib2-fam-debuginfo-2.56.4-9.el8.s390x.rpm glib2-tests-2.56.4-9.el8.s390x.rpm glib2-tests-debuginfo-2.56.4-9.el8.s390x.rpm x86_64: gamin-0.1.10-32.el8.i686.rpm gamin-0.1.10-32.el8.x86_64.rpm gamin-debuginfo-0.1.10-32.el8.i686.rpm gamin-debuginfo-0.1.10-32.el8.x86_64.rpm gamin-debugsource-0.1.10-32.el8.i686.rpm gamin-debugsource-0.1.10-32.el8.x86_64.rpm glib2-2.56.4-9.el8.i686.rpm glib2-2.56.4-9.el8.x86_64.rpm glib2-debuginfo-2.56.4-9.el8.i686.rpm glib2-debuginfo-2.56.4-9.el8.x86_64.rpm glib2-debugsource-2.56.4-9.el8.i686.rpm glib2-debugsource-2.56.4-9.el8.x86_64.rpm glib2-devel-2.56.4-9.el8.i686.rpm glib2-devel-2.56.4-9.el8.x86_64.rpm glib2-devel-debuginfo-2.56.4-9.el8.i686.rpm glib2-devel-debuginfo-2.56.4-9.el8.x86_64.rpm glib2-fam-2.56.4-9.el8.x86_64.rpm glib2-fam-debuginfo-2.56.4-9.el8.i686.rpm glib2-fam-debuginfo-2.56.4-9.el8.x86_64.rpm glib2-tests-2.56.4-9.el8.x86_64.rpm glib2-tests-debuginfo-2.56.4-9.el8.i686.rpm glib2-tests-debuginfo-2.56.4-9.el8.x86_64.rpm Red Hat CodeReady Linux Builder (v. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. Bugs fixed (https://bugzilla.redhat.com/): 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 5. JIRA issues fixed (https://issues.jboss.org/): LOG-1328 - Port fix to 5.0.z for BZ-1945168 6. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat OpenShift Container Storage 4.6.5 security and bug fix update Advisory ID: RHSA-2021:2479-01 Product: Red Hat OpenShift Container Storage Advisory URL: https://access.redhat.com/errata/RHSA-2021:2479 Issue date: 2021-06-17 CVE Names: CVE-2016-10228 CVE-2017-14502 CVE-2019-2708 CVE-2019-3842 CVE-2019-9169 CVE-2019-13012 CVE-2019-14866 CVE-2019-25013 CVE-2020-8231 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2020-8927 CVE-2020-9948 CVE-2020-9951 CVE-2020-9983 CVE-2020-13434 CVE-2020-13543 CVE-2020-13584 CVE-2020-13776 CVE-2020-15358 CVE-2020-24977 CVE-2020-25659 CVE-2020-25678 CVE-2020-26116 CVE-2020-26137 CVE-2020-27618 CVE-2020-27619 CVE-2020-27783 CVE-2020-28196 CVE-2020-29361 CVE-2020-29362 CVE-2020-29363 CVE-2020-36242 CVE-2021-3139 CVE-2021-3177 CVE-2021-3326 CVE-2021-3449 CVE-2021-3450 CVE-2021-3528 CVE-2021-20305 CVE-2021-23239 CVE-2021-23240 CVE-2021-23336 ==================================================================== 1. Summary: Updated images that fix one security issue and several bugs are now available for Red Hat OpenShift Container Storage 4.6.5 on Red Hat Enterprise Linux 8 from Red Hat Container Registry. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Container Storage provisions a multicloud data management service with an S3 compatible API. Security Fix(es): * NooBaa: noobaa-operator leaking RPC AuthToken into log files (CVE-2021-3528) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Currently, a newly restored PVC cannot be mounted if some of the OpenShift Container Platform nodes are running on a version of Red Hat Enterprise Linux which is less than 8.2, and the snapshot from which the PVC was restored is deleted. Workaround: Do not delete the snapshot from which the PVC was restored until the restored PVC is deleted. (BZ#1962483) * Previously, the default backingstore was not created on AWS S3 when OpenShift Container Storage was deployed, due to incorrect identification of AWS S3. With this update, the default backingstore gets created when OpenShift Container Storage is deployed on AWS S3. (BZ#1927307) * Previously, log messages were printed to the endpoint pod log even if the debug option was not set. With this update, the log messages are printed to the endpoint pod log only when the debug option is set. (BZ#1938106) * Previously, the PVCs could not be provisioned as the `rook-ceph-mds` did not register the pod IP on the monitor servers, and hence every mount on the filesystem timed out, resulting in CephFS volume provisioning failure. With this update, an argument `--public-addr=podIP` is added to the MDS pod when the host network is not enabled, and hence the CephFS volume provisioning does not fail. (BZ#1949558) * Previously, OpenShift Container Storage 4.2 clusters were not updated with the correct cache value, and hence MDSs in standby-replay might report an oversized cache, as rook did not apply the `mds_cache_memory_limit` argument during upgrades. With this update, the `mds_cache_memory_limit` argument is applied during upgrades and the mds daemon operates normally. (BZ#1951348) * Previously, the coredumps were not generated in the correct location as rook was setting the config option `log_file` to an empty string since logging happened on stdout and not on the files, and hence Ceph read the value of the `log_file` to build the dump path. With this update, rook does not set the `log_file` and keeps Ceph's internal default, and hence the coredumps are generated in the correct location and are accessible under `/var/log/ceph/`. (BZ#1938049) * Previously, Ceph became inaccessible, as the mons lose quorum if a mon pod was drained while another mon was failing over. With this update, voluntary mon drains are prevented while a mon is failing over, and hence Ceph does not become inaccessible. (BZ#1946573) * Previously, the mon quorum was at risk, as the operator could erroneously remove the new mon if the operator was restarted during a mon failover. With this update, the operator completes the same mon failover after the operator is restarted, and hence the mon quorum is more reliable in the node drains and mon failover scenarios. (BZ#1959983) All users of Red Hat OpenShift Container Storage are advised to pull these new images from the Red Hat Container Registry. 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 4. Bugs fixed (https://bugzilla.redhat.com/): 1938106 - [GSS][RFE]Reduce debug level for logs of Nooba Endpoint pod 1950915 - XSS Vulnerability with Noobaa version 5.5.0-3bacc6b 1951348 - [GSS][CephFS] health warning "MDS cache is too large (3GB/1GB); 0 inodes in use by clients, 0 stray files" for the standby-replay 1951600 - [4.6.z][Clone of BZ #1936545] setuid and setgid file bits are not retained after a OCS CephFS CSI restore 1955601 - CVE-2021-3528 NooBaa: noobaa-operator leaking RPC AuthToken into log files 1957189 - [Rebase] Use RHCS4.2z1 container image with OCS 4..6.5[may require doc update for external mode min supported RHCS version] 1959980 - When a node is being drained, increase the mon failover timeout to prevent unnecessary mon failover 1959983 - [GSS][mon] rook-operator scales mons to 4 after healthCheck timeout 1962483 - [RHEL7][RBD][4.6.z clone] FailedMount error when using restored PVC on app pod 5. References: https://access.redhat.com/security/cve/CVE-2016-10228 https://access.redhat.com/security/cve/CVE-2017-14502 https://access.redhat.com/security/cve/CVE-2019-2708 https://access.redhat.com/security/cve/CVE-2019-3842 https://access.redhat.com/security/cve/CVE-2019-9169 https://access.redhat.com/security/cve/CVE-2019-13012 https://access.redhat.com/security/cve/CVE-2019-14866 https://access.redhat.com/security/cve/CVE-2019-25013 https://access.redhat.com/security/cve/CVE-2020-8231 https://access.redhat.com/security/cve/CVE-2020-8284 https://access.redhat.com/security/cve/CVE-2020-8285 https://access.redhat.com/security/cve/CVE-2020-8286 https://access.redhat.com/security/cve/CVE-2020-8927 https://access.redhat.com/security/cve/CVE-2020-9948 https://access.redhat.com/security/cve/CVE-2020-9951 https://access.redhat.com/security/cve/CVE-2020-9983 https://access.redhat.com/security/cve/CVE-2020-13434 https://access.redhat.com/security/cve/CVE-2020-13543 https://access.redhat.com/security/cve/CVE-2020-13584 https://access.redhat.com/security/cve/CVE-2020-13776 https://access.redhat.com/security/cve/CVE-2020-15358 https://access.redhat.com/security/cve/CVE-2020-24977 https://access.redhat.com/security/cve/CVE-2020-25659 https://access.redhat.com/security/cve/CVE-2020-25678 https://access.redhat.com/security/cve/CVE-2020-26116 https://access.redhat.com/security/cve/CVE-2020-26137 https://access.redhat.com/security/cve/CVE-2020-27618 https://access.redhat.com/security/cve/CVE-2020-27619 https://access.redhat.com/security/cve/CVE-2020-27783 https://access.redhat.com/security/cve/CVE-2020-28196 https://access.redhat.com/security/cve/CVE-2020-29361 https://access.redhat.com/security/cve/CVE-2020-29362 https://access.redhat.com/security/cve/CVE-2020-29363 https://access.redhat.com/security/cve/CVE-2020-36242 https://access.redhat.com/security/cve/CVE-2021-3139 https://access.redhat.com/security/cve/CVE-2021-3177 https://access.redhat.com/security/cve/CVE-2021-3326 https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-3450 https://access.redhat.com/security/cve/CVE-2021-3528 https://access.redhat.com/security/cve/CVE-2021-20305 https://access.redhat.com/security/cve/CVE-2021-23239 https://access.redhat.com/security/cve/CVE-2021-23240 https://access.redhat.com/security/cve/CVE-2021-23336 https://access.redhat.com/security/updates/classification/#moderate 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. See the following advisory for the RPM packages for this release: https://access.redhat.com/errata/RHSA-2021:2122 Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes: https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html This update fixes the following bug among others: * Previously, resources for the ClusterOperator were being created early in the update process, which led to update failures when the ClusterOperator had no status condition while Operators were updating. This bug fix changes the timing of when these resources are created. As a result, updates can take place without errors. (BZ#1959238) Security Fix(es): * gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121) You may download the oc tool and use it to inspect release image metadata as follows: (For x86_64 architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-x86_64 The image digest is sha256:783a2c963f35ccab38e82e6a8c7fa954c3a4551e07d2f43c06098828dd986ed4 (For s390x architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-s390x The image digest is sha256:4cf44e68413acad063203e1ee8982fd01d8b9c1f8643a5b31cd7ff341b3199cd (For ppc64le architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-ppc64le The image digest is sha256:d47ce972f87f14f1f3c5d50428d2255d1256dae3f45c938ace88547478643e36 All OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor 3. Solution: For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -cli.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1923268 - [Assisted-4.7] [Staging] Using two both spelling "canceled" "cancelled" 1947216 - [AWS] Missing iam:ListAttachedRolePolicies permission in permissions.go 1953963 - Enable/Disable host operations returns cluster resource with incomplete hosts list 1957749 - ovn-kubernetes pod should have CPU and memory requests set but not limits 1959238 - CVO creating cloud-controller-manager too early causing upgrade failures 1960103 - SR-IOV obliviously reboot the node 1961941 - Local Storage Operator using LocalVolume CR fails to create PV's when backend storage failure is simulated 1962302 - packageserver clusteroperator does not set reason or message for Available condition 1962312 - Deployment considered unhealthy despite being available and at latest generation 1962435 - Public DNS records were not deleted when destroying a cluster which is using byo private hosted zone 1963115 - Test verify /run filesystem contents failing 5. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202012-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: WebkitGTK+: Multiple vulnerabilities Date: December 23, 2020 Bugs: #755947 ID: 202012-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in WebKitGTK+, the worst of which could result in the arbitrary execution of code. Background ========== WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-libs/webkit-gtk < 2.30.3 >= 2.30.3 Description =========== Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All WebkitGTK+ users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.30.3" References ========== [ 1 ] CVE-2020-13543 https://nvd.nist.gov/vuln/detail/CVE-2020-13543 [ 2 ] CVE-2020-13584 https://nvd.nist.gov/vuln/detail/CVE-2020-13584 [ 3 ] CVE-2020-9948 https://nvd.nist.gov/vuln/detail/CVE-2020-9948 [ 4 ] CVE-2020-9951 https://nvd.nist.gov/vuln/detail/CVE-2020-9951 [ 5 ] CVE-2020-9952 https://nvd.nist.gov/vuln/detail/CVE-2020-9952 [ 6 ] CVE-2020-9983 https://nvd.nist.gov/vuln/detail/CVE-2020-9983 [ 7 ] WSA-2020-0008 https://webkitgtk.org/security/WSA-2020-0008.html [ 8 ] WSA-2020-0009 https://webkitgtk.org/security/WSA-2020-0009.html Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202012-10 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2020-11-13-6 Additional information for APPLE-SA-2020-09-16-4 watchOS 7.0 watchOS 7.0 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT211844. Audio Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9943: JunDong Xie of Ant Group Light-Year Security Lab Entry added November 12, 2020 Audio Available for: Apple Watch Series 3 and later Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9944: JunDong Xie of Ant Group Light-Year Security Lab Entry added November 12, 2020 CoreAudio Available for: Apple Watch Series 3 and later Impact: Playing a malicious audio file may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2020-9954: Francis working with Trend Micro Zero Day Initiative, JunDong Xie of Ant Group Light-Year Security Lab Entry added November 12, 2020 CoreCapture Available for: Apple Watch Series 3 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2020-9949: Proteas Entry added November 12, 2020 Disk Images Available for: Apple Watch Series 3 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-9965: Proteas CVE-2020-9966: Proteas Entry added November 12, 2020 ImageIO Available for: Apple Watch Series 3 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-9961: Xingwei Lin of Ant Security Light-Year Lab Entry added November 12, 2020 ImageIO Available for: Apple Watch Series 3 and later Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9876: Mickey Jin of Trend Micro Entry added November 12, 2020 Keyboard Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to leak sensitive user information Description: A logic issue was addressed with improved state management. CVE-2020-9976: Rias A. Sherzad of JAIDE GmbH in Hamburg, Germany libxml2 Available for: Apple Watch Series 3 and later Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2020-9981: found by OSS-Fuzz Entry added November 12, 2020 Mail Available for: Apple Watch Series 3 and later Impact: A remote attacker may be able to unexpectedly alter application state Description: This issue was addressed with improved checks. CVE-2020-9941: Fabian Ising of FH Münster University of Applied Sciences and Damian Poddebniak of FH Münster University of Applied Sciences Entry added November 12, 2020 Messages Available for: Apple Watch Series 3 and later Impact: A local user may be able to discover a user’s deleted messages Description: The issue was addressed with improved deletion. CVE-2020-9989: von Brunn Media Entry added November 12, 2020 Phone Available for: Apple Watch Series 3 and later Impact: The screen lock may not engage after the specified time period Description: This issue was addressed with improved checks. CVE-2020-9946: Daniel Larsson of iolight AB Safari Available for: Apple Watch Series 3 and later Impact: Visiting a malicious website may lead to address bar spoofing Description: The issue was addressed with improved UI handling. CVE-2020-9993: Masato Sugiyama (@smasato) of University of Tsukuba, Piotr Duszynski Entry added November 12, 2020 Sandbox Available for: Apple Watch Series 3 and later Impact: A local user may be able to view senstive user information Description: An access issue was addressed with additional sandbox restrictions. CVE-2020-9969: Wojciech Reguła of SecuRing (wojciechregula.blog) Entry added November 12, 2020 Sandbox Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to access restricted files Description: A logic issue was addressed with improved restrictions. CVE-2020-9968: Adam Chester (@_xpn_) of TrustedSec Entry updated September 17, 2020 SQLite Available for: Apple Watch Series 3 and later Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2020-13434 CVE-2020-13435 CVE-2020-9991 Entry added November 12, 2020 SQLite Available for: Apple Watch Series 3 and later Impact: Multiple issues in SQLite Description: Multiple issues were addressed by updating SQLite to version 3.32.3. CVE-2020-15358 Entry added November 12, 2020 SQLite Available for: Apple Watch Series 3 and later Impact: A remote attacker may be able to leak memory Description: An information disclosure issue was addressed with improved state management. CVE-2020-9849 Entry added November 12, 2020 SQLite Available for: Apple Watch Series 3 and later Impact: A maliciously crafted SQL query may lead to data corruption Description: This issue was addressed with improved checks. CVE-2020-13631 Entry added November 12, 2020 SQLite Available for: Apple Watch Series 3 and later Impact: A remote attacker may be able to cause arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2020-9947: cc working with Trend Micro Zero Day Initiative CVE-2020-9950: cc working with Trend Micro Zero Day Initiative CVE-2020-9951: Marcin 'Icewall' Noga of Cisco Talos Entry added November 12, 2020 WebKit Available for: Apple Watch Series 3 and later Impact: Processing maliciously crafted web content may lead to code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9983: zhunki Entry added November 12, 2020 WebKit Available for: Apple Watch Series 3 and later Impact: Processing maliciously crafted web content may lead to a cross site scripting attack Description: An input validation issue was addressed with improved input validation. CVE-2020-9952: Ryan Pickren (ryanpickren.com) Additional recognition Audio We would like to acknowledge JunDong Xie and XingWei Lin of Ant- financial Light-Year Security Lab for their assistance. Entry added November 12, 2020 Bluetooth We would like to acknowledge Andy Davis of NCC Group for their assistance. Clang We would like to acknowledge Brandon Azad of Google Project Zero for their assistance. Entry added November 12, 2020 Core Location We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance. iAP We would like to acknowledge Andy Davis of NCC Group for their assistance. Entry added November 12, 2020 Kernel We would like to acknowledge Brandon Azad of Google Project Zero, Stephen Röttger of Google for their assistance. Entry updated November 12, 2020 Location Framework We would like to acknowledge Nicolas Brunner (linkedin.com/in/nicolas-brunner-651bb4128) for their assistance. Entry updated October 19, 2020 Mail Drafts We would like to acknowledge Jon Bottarini of HackerOne for their assistance. Entry added November 12, 2020 Safari We would like to acknowledge Andreas Gutmann (@KryptoAndI) of OneSpan's Innovation Centre (onespan.com) and University College London, Steven J. Murdoch (@SJMurdoch) of OneSpan's Innovation Centre (onespan.com) and University College London, Jack Cable of Lightning Security, Ryan Pickren (ryanpickren.com), Yair Amit for their assistance. Entry added October 19, 2020, updated November 12, 2020 WebKit We would like to acknowledge Pawel Wylecial of REDTEAM.PL, Ryan Pickren (ryanpickren.com) for their assistance. Entry added November 12, 2020 Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl+uxnUACgkQZcsbuWJ6 jjBSNA/9Fo7IsnnHAT7UAmepT0esn2tFafOZC9aupUH+KLAnslIqkhLibj8KdZ2z jtpOn8IzYKrFXQOxm9x+QGjzmxNhBQE2fNQRiATIaOdpkgOz7j6yqIRSUqA2aN0y QmaDwPzYEtEHKRF0Tk4cj8N8dGM3mgQTvS2YcTASFme/9jkbVX77F+CbbaxJUMHd 7fxUrMev+kTDx7kmG9aiec1+pfiV2JZUuv0a1IN7+VxbAHhVKHE2hDHNNPPLlG0Z 50sqhO/1vaRf6Ewe+A+xGi/Z31P81hhozyBZEcr8WDD7RBUA9QYyq7Duor6ZRUQ/ sUlTWctb+jPzyFePmYKEr7RIE1JSnANHHKMmLfTwLOaHqH5TMtcP6k6QRRVPjKBb zeWg6Xheaz+5h6ymX5woYNbzGN9TaAysz2KeFO3mK9XjPaUbzEAJT9+IryHYSLnT P3TgQw3g/HPVpWyp+s3fjcmpi9jGyxjdFezuMekeO4VktlgdK1lBs0gELPA0Zrkh MRl1ztd4FbMMAKHAzIgIcUUg5kgMMC6hO/DCVMlHCctHoNQeh2rEQo15YRRCEfAo OgDJsznRtf3hYsZC7Q19D8q0E/SeMtYrRdzjeSNvSQffyiNf3hvUcbxVYQMqm3Vw /tzliqnfshdjfpxB6sS4oDrnEqrM/x+2oETEgzHXWa9nt1rrLBI= =8ihy -----END PGP SIGNATURE-----
var-202206-1961 When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client. curl Exists in an out-of-bounds write vulnerability.Information may be obtained. (CVE-2022-32207). Description: Red Hat Advanced Cluster Management for Kubernetes 2.3.12 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/ Security fix: * CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS Bug fixes: * Remove 1.9.1 from Proxy Patch Documentation (BZ# 2076856) * RHACM 2.3.12 images (BZ# 2101411) 3. Bugs fixed (https://bugzilla.redhat.com/): 2076856 - [doc] Remove 1.9.1 from Proxy Patch Documentation 2101411 - RHACM 2.3.12 images 2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS 5. ========================================================================== Ubuntu Security Notice USN-5495-1 June 27, 2022 curl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 21.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in curl. Software Description: - curl: HTTP, HTTPS, and FTP client and client libraries Details: Harry Sintonen discovered that curl incorrectly handled certain cookies. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32205) Harry Sintonen discovered that curl incorrectly handled certain HTTP compressions. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-32206) Harry Sintonen incorrectly handled certain file permissions. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32207) Harry Sintonen discovered that curl incorrectly handled certain FTP-KRB messages. An attacker could possibly use this to perform a machine-in-the-diddle attack. (CVE-2022-32208) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: curl 7.81.0-1ubuntu1.3 libcurl3-gnutls 7.81.0-1ubuntu1.3 libcurl3-nss 7.81.0-1ubuntu1.3 libcurl4 7.81.0-1ubuntu1.3 Ubuntu 21.10: curl 7.74.0-1.3ubuntu2.3 libcurl3-gnutls 7.74.0-1.3ubuntu2.3 libcurl3-nss 7.74.0-1.3ubuntu2.3 libcurl4 7.74.0-1.3ubuntu2.3 Ubuntu 20.04 LTS: curl 7.68.0-1ubuntu2.12 libcurl3-gnutls 7.68.0-1ubuntu2.12 libcurl3-nss 7.68.0-1ubuntu2.12 libcurl4 7.68.0-1ubuntu2.12 Ubuntu 18.04 LTS: curl 7.58.0-2ubuntu3.19 libcurl3-gnutls 7.58.0-2ubuntu3.19 libcurl3-nss 7.58.0-2ubuntu3.19 libcurl4 7.58.0-2ubuntu3.19 In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: OpenShift Virtualization 4.12.0 Images security update Advisory ID: RHSA-2023:0408-01 Product: cnv Advisory URL: https://access.redhat.com/errata/RHSA-2023:0408 Issue date: 2023-01-24 CVE Names: CVE-2015-20107 CVE-2016-3709 CVE-2020-0256 CVE-2020-35525 CVE-2020-35527 CVE-2021-0308 CVE-2021-38561 CVE-2021-44716 CVE-2021-44717 CVE-2022-0391 CVE-2022-0934 CVE-2022-1292 CVE-2022-1304 CVE-2022-1586 CVE-2022-1705 CVE-2022-1785 CVE-2022-1798 CVE-2022-1897 CVE-2022-1927 CVE-2022-1962 CVE-2022-2068 CVE-2022-2097 CVE-2022-2509 CVE-2022-3515 CVE-2022-3787 CVE-2022-22624 CVE-2022-22628 CVE-2022-22629 CVE-2022-22662 CVE-2022-23772 CVE-2022-23773 CVE-2022-23806 CVE-2022-24795 CVE-2022-25308 CVE-2022-25309 CVE-2022-25310 CVE-2022-26700 CVE-2022-26709 CVE-2022-26710 CVE-2022-26716 CVE-2022-26717 CVE-2022-26719 CVE-2022-27404 CVE-2022-27405 CVE-2022-27406 CVE-2022-28131 CVE-2022-29526 CVE-2022-30293 CVE-2022-30629 CVE-2022-30630 CVE-2022-30631 CVE-2022-30632 CVE-2022-30633 CVE-2022-30635 CVE-2022-30698 CVE-2022-30699 CVE-2022-32148 CVE-2022-32206 CVE-2022-32208 CVE-2022-34903 CVE-2022-37434 CVE-2022-40674 CVE-2022-42898 ==================================================================== 1. Summary: Red Hat OpenShift Virtualization release 4.12 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains the following OpenShift Virtualization 4.12.0 images: Security Fix(es): * golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716) * kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798) * golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561) * golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717) * golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705) * golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962) * golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772) * golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773) * golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806) * golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131) * golang: syscall: faccessat checks wrong group (CVE-2022-29526) * golang: io/fs: stack exhaustion in Glob (CVE-2022-30630) * golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631) * golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632) * golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633) * golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635) * golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148) * golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. RHEL-8-CNV-4.12 ============= bridge-marker-container-v4.12.0-24 cluster-network-addons-operator-container-v4.12.0-24 cnv-containernetworking-plugins-container-v4.12.0-24 cnv-must-gather-container-v4.12.0-58 hco-bundle-registry-container-v4.12.0-769 hostpath-csi-driver-container-v4.12.0-30 hostpath-provisioner-container-v4.12.0-30 hostpath-provisioner-operator-container-v4.12.0-31 hyperconverged-cluster-operator-container-v4.12.0-96 hyperconverged-cluster-webhook-container-v4.12.0-96 kubemacpool-container-v4.12.0-24 kubevirt-console-plugin-container-v4.12.0-182 kubevirt-ssp-operator-container-v4.12.0-64 kubevirt-tekton-tasks-cleanup-vm-container-v4.12.0-55 kubevirt-tekton-tasks-copy-template-container-v4.12.0-55 kubevirt-tekton-tasks-create-datavolume-container-v4.12.0-55 kubevirt-tekton-tasks-create-vm-from-template-container-v4.12.0-55 kubevirt-tekton-tasks-disk-virt-customize-container-v4.12.0-55 kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.12.0-55 kubevirt-tekton-tasks-modify-vm-template-container-v4.12.0-55 kubevirt-tekton-tasks-operator-container-v4.12.0-40 kubevirt-tekton-tasks-wait-for-vmi-status-container-v4.12.0-55 kubevirt-template-validator-container-v4.12.0-32 libguestfs-tools-container-v4.12.0-255 ovs-cni-marker-container-v4.12.0-24 ovs-cni-plugin-container-v4.12.0-24 virt-api-container-v4.12.0-255 virt-artifacts-server-container-v4.12.0-255 virt-cdi-apiserver-container-v4.12.0-72 virt-cdi-cloner-container-v4.12.0-72 virt-cdi-controller-container-v4.12.0-72 virt-cdi-importer-container-v4.12.0-72 virt-cdi-operator-container-v4.12.0-72 virt-cdi-uploadproxy-container-v4.12.0-71 virt-cdi-uploadserver-container-v4.12.0-72 virt-controller-container-v4.12.0-255 virt-exportproxy-container-v4.12.0-255 virt-exportserver-container-v4.12.0-255 virt-handler-container-v4.12.0-255 virt-launcher-container-v4.12.0-255 virt-operator-container-v4.12.0-255 virtio-win-container-v4.12.0-10 vm-network-latency-checkup-container-v4.12.0-89 3. Solution: Before applying this update, you must apply all previously released errata relevant to your system. To apply this update, refer to: https://access.redhat.com/articles/11258 4. Bugs fixed (https://bugzilla.redhat.com/): 1719190 - Unable to cancel live-migration if virt-launcher pod in pending state 2023393 - [CNV] [UI]Additional information needed for cloning when default storageclass in not defined in target datavolume 2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache 2030806 - CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error 2040377 - Unable to delete failed VMIM after VM deleted 2046298 - mdevs not configured with drivers installed, if mdev config added to HCO CR before drivers are installed 2052556 - Metric "kubevirt_num_virt_handlers_by_node_running_virt_launcher" reporting incorrect value 2053429 - CVE-2022-23806 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements 2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString 2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control 2060499 - [RFE] Cannot add additional service (or other objects) to VM template 2069098 - Large scale |VMs migration is slow due to low migration parallelism 2070366 - VM Snapshot Restore hangs indefinitely when backed by a snapshotclass 2071491 - Storage Throughput metrics are incorrect in Overview 2072797 - Metrics in Virtualization -> Overview period is not clear or configurable 2072821 - Top Consumers of Storage Traffic in Kubevirt Dashboard giving unexpected numbers 2079916 - KubeVirt CR seems to be in DeploymentInProgress state and not recovering 2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group 2086285 - [dark mode] VirtualMachine - in the Utilization card the percentages and the graphs not visible enough in dark mode 2086551 - Min CPU feature found in labels 2087724 - Default template show no boot source even there are auto-upload boot sources 2088129 - [SSP] webhook does not comply with restricted security context 2088464 - [CDI] cdi-deployment does not comply with restricted security context 2089391 - Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR 2089744 - HCO should label its control plane namespace to admit pods at privileged security level 2089751 - 4.12.0 containers 2089804 - 4.12.0 rpms 2091856 - ?Edit BootSource? action should have more explicit information when disabled 2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add 2092796 - [RFE] CPU|Memory display in the template card is not consistent with the display in the template drawer 2093771 - The disk source should be PVC if the template has no auto-update boot source 2093996 - kubectl get vmi API should always return primary interface if exist 2094202 - Cloud-init username field should have hint 2096285 - KubeVirt CR API documentation is missing docs for many fields 2096780 - [RFE] Add ssh-key and sysprep to template scripts tab 2097436 - Online disk expansion ignores filesystem overhead change 2097586 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP 2099556 - [RFE] Add option to enable RDP service for windows vm 2099573 - [RFE] Improve template's message about not editable 2099923 - [RFE] Merge "SSH access" and "SSH command" into one 2100290 - Error is not dismissed on catalog review page 2100436 - VM list filtering ignores VMs in error-states 2100442 - [RFE] allow enabling and disabling SSH service while VM is shut down 2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS 2100629 - Update nested support KBASE article 2100679 - The number of hardware devices is not correct in vm overview tab 2100682 - All hardware devices get deleted while just delete one 2100684 - Workload profile are not editable during creation and after creation 2101144 - VM filter has two "Other" checkboxes which are triggered together 2101164 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode 2101167 - Edit buttons clickable area is too large. 2101333 - [e2e] elements on Template Scheduling tab are missing proper data-test-id 2101335 - Clone action enabled in VM list kebab button for a VM in CrashLoopBackOff state 2101390 - Easy to miss the "tick" when adding GPU device to vm via UI 2101394 - [e2e] elements on VM Scripts tab are missing proper data-test-id 2101423 - wrong user name on using ignition 2101430 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page 2101445 - "Pending changes - Boot Order" 2101454 - Cannot add PVC boot source to template in 'Edit Boot Source Reference' view as a non-priv user 2101499 - Cannot add NIC to VM template as non-priv user 2101501 - NAME parameter in VM template has no effect. 2101628 - non-priv user cannot load dataSource while edit template's rootdisk 2101667 - VMI view is not aligned with vm and tempates 2101681 - All templates are labeling "source available" in template list page 2102074 - VM Creation time on VM Overview Details card lacks string 2102125 - vm clone modal is displaying DV size instead of PVC size 2102132 - align the utilization card of single VM overview with the design 2102138 - Should the word "new" be removed from "Create new VirtualMachine from catalog"? 2102256 - Add button moved to right 2102448 - VM disk is deleted by uncheck "Delete disks (1x)" on delete modal 2102475 - Template 'vm-template-example' should be filtered by 'Fedora' rather than 'Other' 2102561 - sysprep-info should link to downstream doc 2102737 - Clone a VM should lead to vm overview tab 2102740 - "Save" button on vm clone modal should be "Clone" 2103806 - "404: Not Found" appears shortly by clicking the PVC link on vm disk tab 2103807 - PVC is not named by VM name while creating vm quickly 2103817 - Workload profile values in vm details should align with template's value 2103844 - VM nic model is empty 2104331 - VM list page scroll up automatically 2104402 - VM create button is not enabled while adding multiple environment disks 2104422 - Storage status report "OpenShift Data Foundation is not available" even the operator is installed 2104424 - Enable descheduler or hide it on template's scheduling tab 2104479 - [4.12] Cloned VM's snapshot restore fails if the source VM disk is deleted 2104480 - Alerts in VM overview tab disappeared after a few seconds 2104785 - "Add disk" and "Disks" are on the same line 2104859 - [RFE] Add "Copy SSH command" to VM action list 2105257 - Can't set log verbosity level for virt-operator pod 2106175 - All pages are crashed after visit Virtualization -> Overview 2106963 - Cannot add configmap for windows VM 2107279 - VM Template's bootable disk can be marked as bootable 2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read 2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob 2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header 2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions 2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working 2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob 2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode 2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip 2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal 2108339 - datasource does not provide timestamp when updated 2108638 - When chosing a vm or template while in all-namespace, and returning to list, namespace is changed 2109818 - Upstream metrics documentation is not detailed enough 2109975 - DataVolume fails to import "cirros-container-disk-demo" image 2110256 - Storage -> PVC -> upload data, does not support source reference 2110562 - CNV introduces a compliance check fail in "ocp4-moderate" profile - routes-protected-by-tls 2111240 - GiB changes to B in Template's Edit boot source reference modal 2111292 - kubevirt plugin console is crashed after creating a vm with 2 nics 2111328 - kubevirt plugin console crashed after visit vmi page 2111378 - VM SSH command generated by UI points at api VIP 2111744 - Cloned template should not label `app.kubernetes.io/name: common-templates` 2111794 - the virtlogd process is taking too much RAM! (17468Ki > 17Mi) 2112900 - button style are different 2114516 - Nothing happens after clicking on Fedora cloud image list link 2114636 - The style of displayed items are not unified on VM tabs 2114683 - VM overview tab is crashed just after the vm is created 2115257 - Need to Change system-product-name to "OpenShift Virtualization" in CNV-4.12 2115258 - The storageclass of VM disk is different from quick created and customize created after changed the default storageclass 2115280 - [e2e] kubevirt-e2e-aws see two duplicated navigation items 2115769 - Machine type is updated to rhel8.6.0 in KV CR but not in Templates 2116225 - The filter keyword of the related operator 'Openshift Data Foundation' is 'OCS' rather than 'ODF' 2116644 - Importer pod is failing to start with error "MountVolume.SetUp failed for volume "cdi-proxy-cert-vol" : configmap "custom-ca" not found" 2117549 - Cannot edit cloud-init data after add ssh key 2117803 - Cannot edit ssh even vm is stopped 2117813 - Improve descriptive text of VM details while VM is off 2117872 - CVE-2022-1798 kubeVirt: Arbitrary file read on the host from KubeVirt VMs 2118257 - outdated doc link tolerations modal 2118823 - Deprecated API 1.25 call: virt-cdi-controller/v0.0.0 (linux/amd64) kubernetes/$Format 2119069 - Unable to start windows VMs on PSI setups 2119128 - virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24 2119309 - readinessProbe in VM stays on failed 2119615 - Change the disk size causes the unit changed 2120907 - Cannot filter disks by label 2121320 - Negative values in migration metrics 2122236 - Failing to delete HCO with SSP sticking around 2122990 - VMExport should check APIGroup 2124147 - "ReadOnlyMany" should not be added to supported values in memory dump 2124307 - Ui crash/stuck on loading when trying to detach disk on a VM 2124528 - On upgrade, when live-migration is failed due to an infra issue, virt-handler continuously and endlessly tries to migrate it 2124555 - View documentation link on MigrationPolicies page des not work 2124557 - MigrationPolicy description is not displayed on Details page 2124558 - Non-privileged user can start MigrationPolicy creation 2124565 - Deleted DataSource reappears in list 2124572 - First annotation can not be added to DataSource 2124582 - Filtering VMs by OS does not work 2124594 - Docker URL validation is inconsistent over application 2124597 - Wrong case in Create DataSource menu 2126104 - virtctl image-upload hangs waiting for pod to be ready with missing access mode defined in the storage profile 2126397 - many KubeVirtComponentExceedsRequestedMemory alerts in Firing state 2127787 - Expose the PVC source of the dataSource on UI 2127843 - UI crashed by selecting "Live migration network" 2127931 - Change default time range on Virtualization -> Overview -> Monitoring dashboard to 30 minutes 2127947 - cluster-network-addons-config tlsSecurityProfle takes a long time to update after setting APIServer 2128002 - Error after VM template deletion 2128107 - sriov-manage command fails to enable SRIOV Virtual functions on the Ampere GPU Cards 2128872 - [4.11]Can't restore cloned VM 2128948 - Cannot create DataSource from default YAML 2128949 - Cannot create MigrationPolicy from example YAML 2128997 - [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24 2129013 - Mark Windows 11 as TechPreview 2129234 - Service is not deleted along with the VM when the VM is created from a template with service 2129301 - Cloud-init network data don't wipe out on uncheck checkbox 'Add network data' 2129870 - crypto-policy : Accepting TLS 1.3 connections by validating webhook 2130509 - Auto image import in failed state with data sources pointing to external manually-created PVC/DV 2130588 - crypto-policy : Common Ciphers support by apiserver and hco 2130695 - crypto-policy : Logging Improvement and publish the source of ciphers 2130909 - Non-privileged user can start DataSource creation 2131157 - KV data transfer rate chart in VM Metrics tab is not displayed 2131165 - [dark mode] Additional statuses accordion on Virtualization Overview page not visible enough 2131674 - Bump virtlogd memory requirement to 20Mi 2132031 - Ensure Windows 2022 Templates are marked as TechPreview like it is done now for Windows 11 2132682 - Default YAML entity name convention. 2132721 - Delete dialogs 2132744 - Description text is missing in Live Migrations section 2132746 - Background is broken in Virtualization Monitoring page 2132783 - VM can not be created from Template with edited boot source 2132793 - Edited Template BSR is not saved 2132932 - Typo in PVC size units menu 2133540 - [pod security violation audit] Audit violation in "cni-plugins" container should be fixed 2133541 - [pod security violation audit] Audit violation in "bridge-marker" container should be fixed 2133542 - [pod security violation audit] Audit violation in "manager" container should be fixed 2133543 - [pod security violation audit] Audit violation in "kube-rbac-proxy" container should be fixed 2133655 - [pod security violation audit] Audit violation in "cdi-operator" container should be fixed 2133656 - [4.12][pod security violation audit] Audit violation in "hostpath-provisioner-operator" container should be fixed 2133659 - [pod security violation audit] Audit violation in "cdi-controller" container should be fixed 2133660 - [pod security violation audit] Audit violation in "cdi-source-update-poller" container should be fixed 2134123 - KubeVirtComponentExceedsRequestedMemory Alert for virt-handler pod 2134672 - [e2e] add data-test-id for catalog -> storage section 2134825 - Authorization for expand-spec endpoint missing 2135805 - Windows 2022 template is missing vTPM and UEFI params in spec 2136051 - Name jumping when trying to create a VM with source from catalog 2136425 - Windows 11 is detected as Windows 10 2136534 - Not possible to specify a TTL on VMExports 2137123 - VMExport: export pod is not PSA complaint 2137241 - Checkbox about delete vm disks is not loaded while deleting VM 2137243 - registery input add docker prefix twice 2137349 - "Manage source" action infinitely loading on DataImportCron details page 2137591 - Inconsistent dialog headings/titles 2137731 - Link of VM status in overview is not working 2137733 - No link for VMs in error status in "VirtualMachine statuses" card 2137736 - The column name "MigrationPolicy name" can just be "Name" 2137896 - crypto-policy: HCO should pick TLSProfile from apiserver if not provided explicitly 2138112 - Unsupported S3 endpoint option in Add disk modal 2138119 - "Customize VirtualMachine" flow is not user-friendly because settings are split into 2 modals 2138199 - Win11 and Win22 templates are not filtered properly by Template provider 2138653 - Saving Template prameters reloads the page 2138657 - Setting DATA_SOURCE_* Template parameters makes VM creation fail 2138664 - VM that was created with SSH key fails to start 2139257 - Cannot add disk via "Using an existing PVC" 2139260 - Clone button is disabled while VM is running 2139293 - Non-admin user cannot load VM list page 2139296 - Non-admin cannot load MigrationPolicies page 2139299 - No auto-generated VM name while creating VM by non-admin user 2139306 - Non-admin cannot create VM via customize mode 2139479 - virtualization overview crashes for non-priv user 2139574 - VM name gets "emptyname" if click the create button quickly 2139651 - non-priv user can click create when have no permissions 2139687 - catalog shows template list for non-priv users 2139738 - [4.12]Can't restore cloned VM 2139820 - non-priv user cant reach vm details 2140117 - Provide upgrade path from 4.11.1->4.12.0 2140521 - Click the breadcrumb list about "VirtualMachines" goes to undefined project 2140534 - [View only] it should give a permission error when user clicking the VNC play/connect button as a view only user 2140627 - Not able to select storageClass if there is no default storageclass defined 2140730 - Links on Virtualization Overview page lead to wrong namespace for non-priv user 2140808 - Hyperv feature set to "enabled: false" prevents scheduling 2140977 - Alerts number is not correct on Virtualization overview 2140982 - The base template of cloned template is "Not available" 2140998 - Incorrect information shows in overview page per namespace 2141089 - Unable to upload boot images. 2141302 - Unhealthy states alerts and state metrics are missing 2141399 - Unable to set TLS Security profile for CDI using HCO jsonpatch annotations 2141494 - "Start in pause mode" option is not available while creating the VM 2141654 - warning log appearing on VMs: found no SR-IOV networks 2141711 - Node column selector is redundant for non-priv user 2142468 - VM action "Stop" should not be disabled when VM in pause state 2142470 - Delete a VM or template from all projects leads to 404 error 2142511 - Enhance alerts card in overview 2142647 - Error after MigrationPolicy deletion 2142891 - VM latency checkup: Failed to create the checkup's Job 2142929 - Permission denied when try get instancestypes 2143268 - Topolvm storageProfile missing accessModes and volumeMode 2143498 - Could not load template while creating VM from catalog 2143964 - Could not load template while creating VM from catalog 2144580 - "?" icon is too big in VM Template Disk tab 2144828 - "?" icon is too big in VM Template Disk tab 2144839 - Alerts number is not correct on Virtualization overview 2153849 - After upgrade to 4.11.1->4.12.0 hco.spec.workloadUpdateStrategy value is getting overwritten 2155757 - Incorrect upstream-version label "v1.6.0-unstable-410-g09ea881c" is tagged to 4.12 hyperconverged-cluster-operator-container and hyperconverged-cluster-webhook-container 5. References: https://access.redhat.com/security/cve/CVE-2015-20107 https://access.redhat.com/security/cve/CVE-2016-3709 https://access.redhat.com/security/cve/CVE-2020-0256 https://access.redhat.com/security/cve/CVE-2020-35525 https://access.redhat.com/security/cve/CVE-2020-35527 https://access.redhat.com/security/cve/CVE-2021-0308 https://access.redhat.com/security/cve/CVE-2021-38561 https://access.redhat.com/security/cve/CVE-2021-44716 https://access.redhat.com/security/cve/CVE-2021-44717 https://access.redhat.com/security/cve/CVE-2022-0391 https://access.redhat.com/security/cve/CVE-2022-0934 https://access.redhat.com/security/cve/CVE-2022-1292 https://access.redhat.com/security/cve/CVE-2022-1304 https://access.redhat.com/security/cve/CVE-2022-1586 https://access.redhat.com/security/cve/CVE-2022-1705 https://access.redhat.com/security/cve/CVE-2022-1785 https://access.redhat.com/security/cve/CVE-2022-1798 https://access.redhat.com/security/cve/CVE-2022-1897 https://access.redhat.com/security/cve/CVE-2022-1927 https://access.redhat.com/security/cve/CVE-2022-1962 https://access.redhat.com/security/cve/CVE-2022-2068 https://access.redhat.com/security/cve/CVE-2022-2097 https://access.redhat.com/security/cve/CVE-2022-2509 https://access.redhat.com/security/cve/CVE-2022-3515 https://access.redhat.com/security/cve/CVE-2022-3787 https://access.redhat.com/security/cve/CVE-2022-22624 https://access.redhat.com/security/cve/CVE-2022-22628 https://access.redhat.com/security/cve/CVE-2022-22629 https://access.redhat.com/security/cve/CVE-2022-22662 https://access.redhat.com/security/cve/CVE-2022-23772 https://access.redhat.com/security/cve/CVE-2022-23773 https://access.redhat.com/security/cve/CVE-2022-23806 https://access.redhat.com/security/cve/CVE-2022-24795 https://access.redhat.com/security/cve/CVE-2022-25308 https://access.redhat.com/security/cve/CVE-2022-25309 https://access.redhat.com/security/cve/CVE-2022-25310 https://access.redhat.com/security/cve/CVE-2022-26700 https://access.redhat.com/security/cve/CVE-2022-26709 https://access.redhat.com/security/cve/CVE-2022-26710 https://access.redhat.com/security/cve/CVE-2022-26716 https://access.redhat.com/security/cve/CVE-2022-26717 https://access.redhat.com/security/cve/CVE-2022-26719 https://access.redhat.com/security/cve/CVE-2022-27404 https://access.redhat.com/security/cve/CVE-2022-27405 https://access.redhat.com/security/cve/CVE-2022-27406 https://access.redhat.com/security/cve/CVE-2022-28131 https://access.redhat.com/security/cve/CVE-2022-29526 https://access.redhat.com/security/cve/CVE-2022-30293 https://access.redhat.com/security/cve/CVE-2022-30629 https://access.redhat.com/security/cve/CVE-2022-30630 https://access.redhat.com/security/cve/CVE-2022-30631 https://access.redhat.com/security/cve/CVE-2022-30632 https://access.redhat.com/security/cve/CVE-2022-30633 https://access.redhat.com/security/cve/CVE-2022-30635 https://access.redhat.com/security/cve/CVE-2022-30698 https://access.redhat.com/security/cve/CVE-2022-30699 https://access.redhat.com/security/cve/CVE-2022-32148 https://access.redhat.com/security/cve/CVE-2022-32206 https://access.redhat.com/security/cve/CVE-2022-32208 https://access.redhat.com/security/cve/CVE-2022-34903 https://access.redhat.com/security/cve/CVE-2022-37434 https://access.redhat.com/security/cve/CVE-2022-40674 https://access.redhat.com/security/cve/CVE-2022-42898 https://access.redhat.com/security/updates/classification/#important 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY9FaIdzjgjWX9erEAQg3yQ/+IUc6v2m0ZjFWE+HcpaZSLK5EL2ddBtGH ipDVyXLh7uSxGXJEaaZ1bBnvS5pjP5u7xxkmHh/kOuD4U+DDNVdDrmfFvk7XwhlK xIgzHsJp82VTyvbALTJIBsBCaUnY1mepfIqk+yFgU3dW4QX2CcRN+y6RdtR/24Iv cV4DNZ2QgDoQZOpwNfoHFwOOwRbwQNOSJpoGY0ToMHOztpRax84mTmqkLpaiiQPH 3+DlfCuGo6jzFSbluZnELZGuwJHdl6rUfQUasT4H1YD2pT4cKI4Gg12rL2lvzz4s xfP2cLvykDqtINIZXy+NMteuI4cw5nrxZCfDpOBFnWfZ5cP5B/QeJG8J6wIr1ssb OWGAJNYGd+6yUdNgVjRO1u5iLPVN5zN0r9wlg/Kgm6IBWRzDP7b1Gqh2mmDWTbln moRHYxFdLuXX/ciJYRBlyLhkQJcz+r4HfkkzXuc/B0TG8/HSTShYDxWeFIIg9ALy xIuXAkdyZ8FyPavYzLvyENLqYiSD1z/76uRKuUWK+oWKclAsEFDXQm+VSv5zCh7x eOIFkWqJ449V4Z0VrSUvQw8AHcEzetUYd73pLYnBI/naHI4l1s8/21rPHu0LhAPs RvwsGL6jyJ/mDQvvjz4iOQq3pnYCI096Tzm8kaD4qQhBVtQVoUN41kZRQjPVQn94 5HLmWeHmkTg=Nw07 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. Solution: For multicluster engine for Kubernetes, see the following documentation for details on how to install the images: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html-single/multicluster_engine/index#installing-while-connected-online 4. Description: Openshift Logging Bug Fix Release (5.3.12) Security Fix(es): * golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/): 2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read 5
var-200901-0466 The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate. Weaknesses in the MD5 algorithm allow for collisions in output. As a result, attackers can generate cryptographic tokens or other data that illegitimately appear to be authentic. Is a one-way hash function MD5 Outputs a value called a fixed-length message digest from the input value. A secure hash function must be extremely difficult to find an input value that corresponds to a particular message digest. That the same message digest is output from different inputs. " collision " Call it. 1996 From the year MD5 Attack methods that exploit the lack of collision resistance of algorithms have been reported. After that, this attack technique X.509 It can be used to forge certificates, 2008 A year CA Based on a certificate signed by CA It was reported that the certificate was successfully forged. MD5 Products that use the algorithm are affected.MD5 There are various effects depending on the usage pattern. As an example, forged SSL Trusting a malicious website using a certificate may cause information leakage. Attackers may take advantage of this issue to generate pairs of different, valid X.509 certificates that share a common signature. An attacker is most likely to exploit this issue to conduct phishing attacks or to impersonate legitimate sites by taking advantage of malicious certificates. Other attacks are likely possible. - HPE iMC PLAT - Please refer to the RESOLUTION below for a list of impacted products. All product versions are impacted prior to the fixed version listed. + **iMC PLAT - Version: IMC PLAT 7.2, E0403P10** - JD125A HP IMC Std S/W Platform w/100-node - JD126A HP IMC Ent S/W Platform w/100-node - JD808A HP IMC Ent Platform w/100-node License - JD814A HP A-IMC Enterprise Edition Software DVD Media - JD815A HP IMC Std Platform w/100-node License - JD816A HP A-IMC Standard Edition Software DVD Media - JF288AAE HP Network Director to Intelligent Management Center Upgrade E-LTU - JF289AAE HP Enterprise Management System to Intelligent Management Center Upgrade E-LTU - JF377A HP IMC Std S/W Platform w/100-node Lic - JF377AAE HP IMC Std S/W Pltfrm w/100-node E-LTU - JF378A HP IMC Ent S/W Platform w/200-node Lic - JF378AAE HP IMC Ent S/W Pltfrm w/200-node E-LTU - JG546AAE HP IMC Basic SW Platform w/50-node E-LTU - JG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU - JG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU - JG747AAE HP IMC Std SW Plat w/ 50 Nodes E-LTU - JG748AAE HP IMC Ent SW Plat w/ 50 Nodes E-LTU - JG550AAE HPE PCM+ Mobility Manager to IMC Basic WLAN Platform Upgrade 50-node and 150-AP E-LTU - JG590AAE HPE IMC Basic WLAN Manager Software Platform 50 Access Point E-LTU - JG660AAE HP IMC Smart Connect with Wireless Manager Virtual Appliance Edition E-LTU - JG766AAE HP IMC Smart Connect Virtual Appliance Edition E-LTU - JG767AAE HP IMC Smart Connect with Wireless Manager Virtual Appliance Edition E-LTU - JG768AAE HPE PCM+ to IMC Standard Software Platform Upgrade with 200-node E-LTU **Note:** Please contact HPE Technical Support if any assistance is needed acquiring the software updates. HISTORY Version:1 (rev.1) - 26 September 2016 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05336888 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05336888 Version: 1 HPSBHF03673 rev.1 - HPE Comware 5 and Comware 7 Network Products using SSL/TLS, Multiple Remote Vulnerabilities NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2016-11-18 Last Updated: 2016-11-18 Potential Security Impact: Remote: Multiple Vulnerabilities Source: Hewlett Packard Enterprise, Product Security Response Team VULNERABILITY SUMMARY Security vulnerabilities in MD5 message digest algorithm and RC4 ciphersuite could potentially impact HPE Comware 5 and Comware 7 network products using SSL/TLS. These vulnerabilities could be exploited remotely to conduct spoofing attacks and plaintext recovery attacks resulting in disclosure of information. References: - CVE-2004-2761 - MD5 Hash Collision Vulnerability - CVE-2013-2566 - SSL/TLS RC4 algorithm vulnerability - CVE-2015-2808 - SSL/TLS RC4 stream vulnerability known as "Bar Mitzvah" SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. - Comware 5 (CW5) Products All versions - Comware 7 (CW7) Products All versions BACKGROUND CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector CVE-2004-2761 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N) CVE-2013-2566 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N) CVE-2015-2808 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N) Information on CVSS is documented in HPE Customer Notice HPSN-2008-002 here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499 RESOLUTION HPE has released the following mitigation information to resolve the vulnerabilities in HPE Comware 5 and Comware 7 network products. *Note:* Please contact HPE Technical Support for any assistance configuring the recommended settings. **Mitigation for the hash collision vulnerability in the MD5 Algorithm:** + For Comware V7, this issue only exists when the key-type is RSA and the public key length less than 1024 bits. Since the default length of the RSA key is 1024 bits, the length should only have to be set manually if necessary. Example command to set the RSA key length to 1024 bits: public-key rsa general name xxx length 1024 + For Comware V5, this issue only exists when the key-type is RSA. HPE recommends using DSA and ECDSA keys and not an RSA key. **Mitigation for the RC4 vulnerabilities:** HPE recommends disabling RC2 and RC4 ciphers. + For Comware V7, remove the RC2/RC4 ciphers: - exp_rsa_rc2_md5 - exp_rsa_rc4_md5 - rsa_rc4_128_md5 - rsa_rc4_128_sha Example using the *ssl server-policy anamea ciphersuite* command to omit the RC2/RC4 ciphers: ssl server-policy anamea ciphersuite { dhe_rsa_aes_128_cbc_sha | dhe_rsa_aes_256_cbc_sha | exp_rsa_des_cbc_sha | rsa_3des_ede_cbc_sha | rsa_aes_128_cbc_sha | rsa_aes_256_cbc_sha | rsa_des_cbc_sha } Example using the *ssl client-policy anamea prefer-cipher* command to omit the RC2/RC4 ciphers: ssl client-policy anamea prefer-cipher { dhe_rsa_aes_128_cbc_sha | dhe_rsa_aes_256_cbc_sha | exp_rsa_des_cbc_sha | rsa_3des_ede_cbc_sha | rsa_aes_128_cbc_sha | rsa_aes_256_cbc_sha | rsa_des_cbc_sha } + For Comware V5, remove the following RC4 ciphers: - rsa_rc4_128_md5 - rsa_rc4_128_sha Example using the *ssl server-policy anamea ciphersuite* command to omit the RC4 ciphers: ssl server-policy anamea ciphersuite { rsa_3des_ede_cbc_sha | rsa_aes_128_cbc_sha | rsa_aes_256_cbc_sha| rsa_des_cbc_sha } Example using the *ssl client-policy anamea prefer-cipher* command to omit the RC4 ciphers: ssl client-policy anamea prefer-cipher { rsa_3des_ede_cbc_sha | rsa_aes_128_cbc_sha |rsa_aes_256_cbc_sha | rsa_des_cbc_sha } **COMWARE 5 Products** + **HSR6602 (Comware 5) - Version: See Mitigation** * HP Network Products - JC176A HP 6602 Router Chassis - JG353A HP HSR6602-G Router - JG354A HP HSR6602-XG Router - JG355A HP 6600 MCP-X1 Router Main Processing Unit - JG356A HP 6600 MCP-X2 Router Main Processing Unit - JG776A HP HSR6602-G TAA-compliant Router - JG777A HP HSR6602-XG TAA-compliant Router - JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit + **HSR6800 (Comware 5) - Version: See Mitigation** * HP Network Products - JG361A HP HSR6802 Router Chassis - JG361B HP HSR6802 Router Chassis - JG362A HP HSR6804 Router Chassis - JG362B HP HSR6804 Router Chassis - JG363A HP HSR6808 Router Chassis - JG363B HP HSR6808 Router Chassis - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit + **MSR20 (Comware 5) - Version: See Mitigation** * HP Network Products - JD432A HP A-MSR20-21 Router - JD662A HP MSR20-20 Router - JD663A HP A-MSR20-21 Router - JD663B HP MSR20-21 Router - JD664A HP MSR20-40 Router - JF228A HP MSR20-40 Router - JF283A HP MSR20-20 Router + **MSR20-1X (Comware 5) - Version: See Mitigation** * HP Network Products - JD431A HP MSR20-10 Router - JD667A HP MSR20-15 IW Multi-Service Router - JD668A HP MSR20-13 Multi-Service Router - JD669A HP MSR20-13 W Multi-Service Router - JD670A HP MSR20-15 A Multi-Service Router - JD671A HP MSR20-15 AW Multi-Service Router - JD672A HP MSR20-15 I Multi-Service Router - JD673A HP MSR20-11 Multi-Service Router - JD674A HP MSR20-12 Multi-Service Router - JD675A HP MSR20-12 W Multi-Service Router - JD676A HP MSR20-12 T1 Multi-Service Router - JF236A HP MSR20-15-I Router - JF237A HP MSR20-15-A Router - JF238A HP MSR20-15-I-W Router - JF239A HP MSR20-11 Router - JF240A HP MSR20-13 Router - JF241A HP MSR20-12 Router - JF806A HP MSR20-12-T Router - JF807A HP MSR20-12-W Router - JF808A HP MSR20-13-W Router - JF809A HP MSR20-15-A-W Router - JF817A HP MSR20-15 Router - JG209A HP MSR20-12-T-W Router (NA) - JG210A HP MSR20-13-W Router (NA) + **MSR 30 (Comware 5) - Version: See Mitigation** * HP Network Products - JD654A HP MSR30-60 POE Multi-Service Router - JD657A HP MSR30-40 Multi-Service Router - JD658A HP MSR30-60 Multi-Service Router - JD660A HP MSR30-20 POE Multi-Service Router - JD661A HP MSR30-40 POE Multi-Service Router - JD666A HP MSR30-20 Multi-Service Router - JF229A HP MSR30-40 Router - JF230A HP MSR30-60 Router - JF232A HP RTMSR3040-AC-OVSAS-H3 - JF235A HP MSR30-20 DC Router - JF284A HP MSR30-20 Router - JF287A HP MSR30-40 DC Router - JF801A HP MSR30-60 DC Router - JF802A HP MSR30-20 PoE Router - JF803A HP MSR30-40 PoE Router - JF804A HP MSR30-60 PoE Router - JG728A HP MSR30-20 TAA-compliant DC Router - JG729A HP MSR30-20 TAA-compliant Router + **MSR 30-16 (Comware 5) - Version: See Mitigation** * HP Network Products - JD659A HP MSR30-16 POE Multi-Service Router - JD665A HP MSR30-16 Multi-Service Router - JF233A HP MSR30-16 Router - JF234A HP MSR30-16 PoE Router + **MSR 30-1X (Comware 5) - Version: See Mitigation** * HP Network Products - JF800A HP MSR30-11 Router - JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr - JG182A HP MSR30-11E Router - JG183A HP MSR30-11F Router - JG184A HP MSR30-10 DC Router + **MSR 50 (Comware 5) - Version: See Mitigation** * HP Network Products - JD433A HP MSR50-40 Router - JD653A HP MSR50 Processor Module - JD655A HP MSR50-40 Multi-Service Router - JD656A HP MSR50-60 Multi-Service Router - JF231A HP MSR50-60 Router - JF285A HP MSR50-40 DC Router - JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply + **MSR 50-G2 (Comware 5) - Version: See Mitigation** * HP Network Products - JD429A HP MSR50 G2 Processor Module - JD429B HP MSR50 G2 Processor Module + **MSR 9XX (Comware 5) - Version: See Mitigation** * HP Network Products - JF812A HP MSR900 Router - JF813A HP MSR920 Router - JF814A HP MSR900-W Router - JF815A HP MSR920 2FEWAN/8FELAN/.11 b/g Rtr - JG207A HP MSR900-W Router (NA) - JG208A HP MSR920-W Router (NA) + **MSR 93X (Comware 5) - Version: See Mitigation** * HP Network Products - JG511A HP MSR930 Router - JG511B HP MSR930 Router - JG512A HP MSR930 Wireless Router - JG513A HP MSR930 3G Router - JG513B HP MSR930 3G Router - JG514A HP MSR931 Router - JG514B HP MSR931 Router - JG515A HP MSR931 3G Router - JG516A HP MSR933 Router - JG517A HP MSR933 3G Router - JG518A HP MSR935 Router - JG518B HP MSR935 Router - JG519A HP MSR935 Wireless Router - JG520A HP MSR935 3G Router - JG531A HP MSR931 Dual 3G Router - JG531B HP MSR931 Dual 3G Router - JG596A HP MSR930 4G LTE/3G CDMA Router - JG597A HP MSR936 Wireless Router - JG665A HP MSR930 4G LTE/3G WCDMA Global Router - JG704A HP MSR930 4G LTE/3G WCDMA ATT Router - JH009A HP MSR931 Serial (TI) Router - JH010A HP MSR933 G.SHDSL (TI) Router - JH011A HP MSR935 ADSL2+ (TI) Router - JH012A HP MSR930 Wireless 802.11n (NA) Router - JH012B HP MSR930 Wireless 802.11n (NA) Router - JH013A HP MSR935 Wireless 802.11n (NA) Router + **MSR1000 (Comware 5) - Version: See Mitigation** * HP Network Products - JG732A HP MSR1003-8 AC Router + **12500 (Comware 5) - Version: See Mitigation** * HP Network Products - JC072B HP 12500 Main Processing Unit - JC085A HP A12518 Switch Chassis - JC086A HP A12508 Switch Chassis - JC652A HP 12508 DC Switch Chassis - JC653A HP 12518 DC Switch Chassis - JC654A HP 12504 AC Switch Chassis - JC655A HP 12504 DC Switch Chassis - JC808A HP 12500 TAA Main Processing Unit - JF430A HP A12518 Switch Chassis - JF430B HP 12518 Switch Chassis - JF430C HP 12518 AC Switch Chassis - JF431A HP A12508 Switch Chassis - JF431B HP 12508 Switch Chassis - JF431C HP 12508 AC Switch Chassis + **9500E (Comware 5) - Version: See Mitigation** * HP Network Products - JC124A HP A9508 Switch Chassis - JC124B HP 9505 Switch Chassis - JC125A HP A9512 Switch Chassis - JC125B HP 9512 Switch Chassis - JC474A HP A9508-V Switch Chassis - JC474B HP 9508-V Switch Chassis + **10500 (Comware 5) - Version: See Mitigation** * HP Network Products - JC611A HP 10508-V Switch Chassis - JC612A HP 10508 Switch Chassis - JC613A HP 10504 Switch Chassis - JC614A HP 10500 Main Processing Unit - JC748A HP 10512 Switch Chassis - JG375A HP 10500 TAA-compliant Main Processing Unit - JG820A HP 10504 TAA-compliant Switch Chassis - JG821A HP 10508 TAA-compliant Switch Chassis - JG822A HP 10508-V TAA-compliant Switch Chassis - JG823A HP 10512 TAA-compliant Switch Chassis + **7500 (Comware 5) - Version: See Mitigation** * HP Network Products - JC666A HP 7503-S 144Gbps Fabric/MPU with PoE Upgradable 20-port Gig-T/4-port GbE Combo - JC697A HP 7502 TAA-compliant Main Processing Unit - JC698A HP 7503-S 144Gbps TAA Fabric / MPU with 16 GbE SFP Ports and 8 GbE Combo Ports - JC699A HP 7500 384Gbps TAA-compliant Fabric / MPU with 2 10GbE XFP Ports - JC700A HP 7500 384Gbps TAA-compliant Fabric / Main Processing Unit - JC701A HP 7500 768Gbps TAA-compliant Fabric / Main Processing Unit - JD193A HP 7500 384Gbps Fabric Module with 2 XFP Ports - JD193B HP 7500 384Gbps Fabric Module with 2 XFP Ports - JD194A HP 7500 384Gbps Fabric Module - JD194B HP 7500 384Gbps Fabric Module - JD195A HP 7500 384Gbps Advanced Fabric Module - JD196A HP 7502 Fabric Module - JD220A HP 7500 768Gbps Fabric Module - JD224A HP 7500 384Gbps Fabric Module with 12 SFP Ports - JD238A HP 7510 Switch Chassis - JD238B HP 7510 Switch Chassis - JD239A HP 7506 Switch Chassis - JD239B HP 7506 Switch Chassis - JD240A HP 7503 Switch Chassis - JD240B HP 7503 Switch Chassis - JD241A HP 7506-V Switch Chassis - JD241B HP 7506-V Switch Chassis - JD242A HP 7502 Switch Chassis - JD242B HP 7502 Switch Chassis - JD243A HP 7503-S Switch Chassis with 1 Fabric Slot - JD243B HP 7503-S Switch Chassis with 1 Fabric Slot - JE164A HP E7902 Switch Chassis - JE165A HP E7903 Switch Chassis - JE166A HP E7903 1 Fabric Slot Switch Chassis - JE167A HP E7906 Switch Chassis - JE168A HP E7906 Vertical Switch Chassis - JE169A HP E7910 Switch Chassis + **6125G/XG Blade Switch - Version: See Mitigation** * HP Network Products - 737220-B21 HP 6125G Blade Switch with TAA - 737226-B21 HP 6125G/XG Blade Switch with TAA - 658250-B21 HP 6125G/XG Blade Switch Opt Kit - 658247-B21 HP 6125G Blade Switch Opt Kit + **5830 (Comware 5) - Version: See Mitigation** * HP Network Products - JC691A HP 5830AF-48G Switch with 1 Interface Slot - JC694A HP 5830AF-96G Switch - JG316A HP 5830AF-48G TAA-compliant Switch w/1 Interface Slot - JG374A HP 5830AF-96G TAA-compliant Switch + **5800 (Comware 5) - Version: See Mitigation** * HP Network Products - JC099A HP 5800-24G-PoE Switch - JC099B HP 5800-24G-PoE+ Switch - JC100A HP 5800-24G Switch - JC100B HP 5800-24G Switch - JC101A HP 5800-48G Switch with 2 Slots - JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots - JC103A HP 5800-24G-SFP Switch - JC103B HP 5800-24G-SFP Switch with 1 Interface Slot - JC104A HP 5800-48G-PoE Switch - JC104B HP 5800-48G-PoE+ Switch with 1 Interface Slot - JC105A HP 5800-48G Switch - JC105B HP 5800-48G Switch with 1 Interface Slot - JG254A HP 5800-24G-PoE+ TAA-compliant Switch - JG254B HP 5800-24G-PoE+ TAA-compliant Switch - JG255A HP 5800-24G TAA-compliant Switch - JG255B HP 5800-24G TAA-compliant Switch - JG256A HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot - JG256B HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot - JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot - JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot - JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot - JG258B HP 5800-48G TAA-compliant Switch with 1 Interface Slot - JG225A HP 5800AF-48G Switch - JG225B HP 5800AF-48G Switch - JG242A HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface Slots - JG242B HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface - JG243A HP 5820-24XG-SFP+ TAA-compliant Switch - JG243B HP 5820-24XG-SFP+ TAA-compliant Switch - JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots & 1 OAA Slot - JG259B HP 5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots and 1 OAA Slot - JC106A HP 5820-14XG-SFP+ Switch with 2 Slots - JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots & 1 OAA Slot - JG219A HP 5820AF-24XG Switch - JG219B HP 5820AF-24XG Switch - JC102A HP 5820-24XG-SFP+ Switch - JC102B HP 5820-24XG-SFP+ Switch + **5500 HI (Comware 5) - Version: See Mitigation** * HP Network Products - JG311A HP 5500-24G-4SFP HI Switch with 2 Interface Slots - JG312A HP 5500-48G-4SFP HI Switch with 2 Interface Slots - JG541A HP 5500-24G-PoE+-4SFP HI Switch with 2 Interface Slots - JG542A HP 5500-48G-PoE+-4SFP HI Switch with 2 Interface Slots - JG543A HP 5500-24G-SFP HI Switch with 2 Interface Slots - JG679A HP 5500-24G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots - JG680A HP 5500-48G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots - JG681A HP 5500-24G-SFP HI TAA-compliant Switch with 2 Interface Slots + **5500 EI (Comware 5) - Version: See Mitigation** * HP Network Products - JD373A HP 5500-24G DC EI Switch - JD374A HP 5500-24G-SFP EI Switch - JD375A HP 5500-48G EI Switch - JD376A HP 5500-48G-PoE EI Switch - JD377A HP 5500-24G EI Switch - JD378A HP 5500-24G-PoE EI Switch - JD379A HP 5500-24G-SFP DC EI Switch - JG240A HP 5500-48G-PoE+ EI Switch with 2 Interface Slots - JG241A HP 5500-24G-PoE+ EI Switch with 2 Interface Slots - JG249A HP 5500-24G-SFP EI TAA-compliant Switch with 2 Interface - JG250A HP 5500-24G EI TAA-compliant Switch with 2 Interface Slots - JG251A HP 5500-48G EI TAA-compliant Switch with 2 Interface Slots - JG252A HP 5500-24G-PoE+ EI TAA-compliant Switch with 2 Interface Slots - JG253A HP 5500-48G-PoE+ EI TAA-compliant Switch with 2 Interface Slots + **4800G (Comware 5) - Version: See Mitigation** * HP Network Products - JD007A HP 4800-24G Switch - JD008A HP 4800-24G-PoE Switch - JD009A HP 4800-24G-SFP Switch - JD010A HP 4800-48G Switch - JD011A HP 4800-48G-PoE Switch + **5500SI (Comware 5) - Version: See Mitigation** * HP Network Products - JD369A HP 5500-24G SI Switch - JD370A HP 5500-48G SI Switch - JD371A HP 5500-24G-PoE SI Switch - JD372A HP 5500-48G-PoE SI Switch - JG238A HP 5500-24G-PoE+ SI Switch with 2 Interface Slots - JG239A HP 5500-48G-PoE+ SI Switch with 2 Interface Slots + **4500G (Comware 5) - Version: See Mitigation** * HP Network Products - JF428A HP 4510-48G Switch - JF847A HP 4510-24G Switch + **5120 EI (Comware 5) - Version: See Mitigation** * HP Network Products - JE066A HP 5120-24G EI Switch - JE067A HP 5120-48G EI Switch - JE068A HP 5120-24G EI Switch with 2 Interface Slots - JE069A HP 5120-48G EI Switch with 2 Interface Slots - JE070A HP 5120-24G-PoE EI 2-slot Switch - JE071A HP 5120-48G-PoE EI 2-slot Switch - JG236A HP 5120-24G-PoE+ EI Switch with 2 Interface Slots - JG237A HP 5120-48G-PoE+ EI Switch with 2 Interface Slots - JG245A HP 5120-24G EI TAA-compliant Switch with 2 Interface Slots - JG246A HP 5120-48G EI TAA-compliant Switch with 2 Interface Slots - JG247A HP 5120-24G-PoE+ EI TAA-compliant Switch with 2 Slots - JG248A HP 5120-48G-PoE+ EI TAA-compliant Switch with 2 Slots + **4210G (Comware 5) - Version: See Mitigation** * HP Network Products - JF844A HP 4210-24G Switch - JF845A HP 4210-48G Switch - JF846A HP 4210-24G-PoE Switch + **5120 SI (Comware 5) - Version: See Mitigation** * HP Network Products - JE072A HP 5120-48G SI Switch - JE072B HPE 5120 48G SI Switch - JE073A HP 5120-16G SI Switch - JE073B HPE 5120 16G SI Switch - JE074A HP 5120-24G SI Switch - JE074B HPE 5120 24G SI Switch - JG091A HP 5120-24G-PoE+ (370W) SI Switch - JG091B HPE 5120 24G PoE+ (370W) SI Switch - JG092A HP 5120-24G-PoE+ (170W) SI Switch - JG309B HPE 5120 8G PoE+ (180W) SI Switch - JG310B HPE 5120 8G PoE+ (65W) SI Switch + **3610 (Comware 5) - Version: See Mitigation** * HP Network Products - JD335A HP 3610-48 Switch - JD336A HP 3610-24-4G-SFP Switch - JD337A HP 3610-24-2G-2G-SFP Switch - JD338A HP 3610-24-SFP Switch + **3600V2 (Comware 5) - Version: See Mitigation** * HP Network Products - JG299A HP 3600-24 v2 EI Switch - JG299B HP 3600-24 v2 EI Switch - JG300A HP 3600-48 v2 EI Switch - JG300B HP 3600-48 v2 EI Switch - JG301A HP 3600-24-PoE+ v2 EI Switch - JG301B HP 3600-24-PoE+ v2 EI Switch - JG301C HP 3600-24-PoE+ v2 EI Switch - JG302A HP 3600-48-PoE+ v2 EI Switch - JG302B HP 3600-48-PoE+ v2 EI Switch - JG302C HP 3600-48-PoE+ v2 EI Switch - JG303A HP 3600-24-SFP v2 EI Switch - JG303B HP 3600-24-SFP v2 EI Switch - JG304A HP 3600-24 v2 SI Switch - JG304B HP 3600-24 v2 SI Switch - JG305A HP 3600-48 v2 SI Switch - JG305B HP 3600-48 v2 SI Switch - JG306A HP 3600-24-PoE+ v2 SI Switch - JG306B HP 3600-24-PoE+ v2 SI Switch - JG306C HP 3600-24-PoE+ v2 SI Switch - JG307A HP 3600-48-PoE+ v2 SI Switch - JG307B HP 3600-48-PoE+ v2 SI Switch - JG307C HP 3600-48-PoE+ v2 SI Switch + **3100V2-48 (Comware 5) - Version: See Mitigation** * HP Network Products - JG315A HP 3100-48 v2 Switch - JG315B HP 3100-48 v2 Switch + **HP870 (Comware 5) - Version: See Mitigation** * HP Network Products - JG723A HP 870 Unified Wired-WLAN Appliance - JG725A HP 870 Unified Wired-WLAN TAA-compliant Appliance + **HP850 (Comware 5) - Version: See Mitigation** * HP Network Products - JG722A HP 850 Unified Wired-WLAN Appliance - JG724A HP 850 Unified Wired-WLAN TAA-compliant Appliance + **HP830 (Comware 5) - Version: See Mitigation** * HP Network Products - JG640A HP 830 24-Port PoE+ Unified Wired-WLAN Switch - JG641A HP 830 8-port PoE+ Unified Wired-WLAN Switch - JG646A HP 830 24-Port PoE+ Unified Wired-WLAN TAA-compliant Switch - JG647A HP 830 8-Port PoE+ Unified Wired-WLAN TAA-compliant + **HP6000 (Comware 5) - Version: See Mitigation** * HP Network Products - JG639A HP 10500/7500 20G Unified Wired-WLAN Module - JG645A HP 10500/7500 20G Unified Wired-WLAN TAA-compliant Module + **WX5004-EI (Comware 5) - Version: See Mitigation** * HP Network Products - JD447B HP WX5002 Access Controller - JD448A HP WX5004 Access Controller - JD448B HP WX5004 Access Controller - JD469A HP WX5004 Access Controller + **SecBlade FW (Comware 5) - Version: See Mitigation** * HP Network Products - JC635A HP 12500 VPN Firewall Module - JD245A HP 9500 VPN Firewall Module - JD249A HP 10500/7500 Advanced VPN Firewall Module - JD250A HP 6600 Firewall Processing Router Module - JD251A HP 8800 Firewall Processing Module - JD255A HP 5820 VPN Firewall Module + **F1000-E (Comware 5) - Version: See Mitigation** * HP Network Products - JD272A HP F1000-E VPN Firewall Appliance + **F1000-A-EI (Comware 5) - Version: See Mitigation** * HP Network Products - JG214A HP F1000-A-EI VPN Firewall Appliance + **F1000-S-EI (Comware 5) - Version: See Mitigation** * HP Network Products - JG213A HP F1000-S-EI VPN Firewall Appliance + **F5000-A (Comware 5) - Version: See Mitigation** * HP Network Products - JD259A HP A5000-A5 VPN Firewall Chassis - JG215A HP F5000 Firewall Main Processing Unit - JG216A HP F5000 Firewall Standalone Chassis + **U200S and CS (Comware 5) - Version: See Mitigation** * HP Network Products - JD273A HP U200-S UTM Appliance + **U200A and M (Comware 5) - Version: See Mitigation** * HP Network Products - JD275A HP U200-A UTM Appliance + **F5000-C/S (Comware 5) - Version: See Mitigation** * HP Network Products - JG650A HP F5000-C VPN Firewall Appliance - JG370A HP F5000-S VPN Firewall Appliance + **SecBlade III (Comware 5) - Version: See Mitigation** * HP Network Products - JG371A HP 12500 20Gbps VPN Firewall Module - JG372A HP 10500/11900/7500 20Gbps VPN Firewall Module + **6600 RSE RU (Comware 5 Low Encryption SW) - Version: See Mitigation** * HP Network Products - JC177A HP 6608 Router - JC177B HP 6608 Router Chassis - JC178A HP 6604 Router Chassis - JC178B HP 6604 Router Chassis - JC496A HP 6616 Router Chassis - JC566A HP 6600 RSE-X1 Router Main Processing Unit - JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit + **6600 RPE RU (Comware 5 Low Encryption SW) - Version: See Mitigation** * HP Network Products - JC165A HP 6600 RPE-X1 Router Module - JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit + **6602 RU (Comware 5 Low Encryption SW) - Version: See Mitigation** * HP Network Products - JC176A HP 6602 Router Chassis + **HSR6602 RU (Comware 5 Low Encryption SW) - Version: See Mitigation** * HP Network Products - JC177A HP 6608 Router - JC177B HP 6608 Router Chassis - JC178A HP 6604 Router Chassis - JC178B HP 6604 Router Chassis - JC496A HP 6616 Router Chassis - JG353A HP HSR6602-G Router - JG354A HP HSR6602-XG Router - JG355A HP 6600 MCP-X1 Router Main Processing Unit - JG356A HP 6600 MCP-X2 Router Main Processing Unit - JG776A HP HSR6602-G TAA-compliant Router - JG777A HP HSR6602-XG TAA-compliant Router - JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit + **HSR6800 RU (Comware 5 Low Encryption SW) - Version: See Mitigation** * HP Network Products - JG361A HP HSR6802 Router Chassis - JG361B HP HSR6802 Router Chassis - JG362A HP HSR6804 Router Chassis - JG362B HP HSR6804 Router Chassis - JG363A HP HSR6808 Router Chassis - JG363B HP HSR6808 Router Chassis - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit + **SMB1910 (Comware 5) - Version: See Mitigation** * HP Network Products - JG540A HP 1910-48 Switch - JG539A HP 1910-24-PoE+ Switch - JG538A HP 1910-24 Switch - JG537A HP 1910-8 -PoE+ Switch - JG536A HP 1910-8 Switch + **SMB1920 (Comware 5) - Version: See Mitigation** * HP Network Products - JG928A HP 1920-48G-PoE+ (370W) Switch - JG927A HP 1920-48G Switch - JG926A HP 1920-24G-PoE+ (370W) Switch - JG925A HP 1920-24G-PoE+ (180W) Switch - JG924A HP 1920-24G Switch - JG923A HP 1920-16G Switch - JG922A HP 1920-8G-PoE+ (180W) Switch - JG921A HP 1920-8G-PoE+ (65W) Switch - JG920A HP 1920-8G Switch + **V1910 (Comware 5) - Version: See Mitigation** * HP Network Products - JE005A HP 1910-16G Switch - JE006A HP 1910-24G Switch - JE007A HP 1910-24G-PoE (365W) Switch - JE008A HP 1910-24G-PoE(170W) Switch - JE009A HP 1910-48G Switch - JG348A HP 1910-8G Switch - JG349A HP 1910-8G-PoE+ (65W) Switch - JG350A HP 1910-8G-PoE+ (180W) Switch + **SMB 1620 (Comware 5) - Version: See Mitigation** * HP Network Products - JG914A HP 1620-48G Switch - JG913A HP 1620-24G Switch - JG912A HP 1620-8G Switch **COMWARE 7 Products** + **12500 (Comware 7) - Version: See Mitigation** * HP Network Products - JC072B HP 12500 Main Processing Unit - JC085A HP A12518 Switch Chassis - JC086A HP A12508 Switch Chassis - JC652A HP 12508 DC Switch Chassis - JC653A HP 12518 DC Switch Chassis - JC654A HP 12504 AC Switch Chassis - JC655A HP 12504 DC Switch Chassis - JF430A HP A12518 Switch Chassis - JF430B HP 12518 Switch Chassis - JF430C HP 12518 AC Switch Chassis - JF431A HP A12508 Switch Chassis - JF431B HP 12508 Switch Chassis - JF431C HP 12508 AC Switch Chassis - JG497A HP 12500 MPU w/Comware V7 OS - JG782A HP FF 12508E AC Switch Chassis - JG783A HP FF 12508E DC Switch Chassis - JG784A HP FF 12518E AC Switch Chassis - JG785A HP FF 12518E DC Switch Chassis - JG802A HP FF 12500E MPU + **10500 (Comware 7) - Version: See Mitigation** * HP Network Products - JC611A HP 10508-V Switch Chassis - JC612A HP 10508 Switch Chassis - JC613A HP 10504 Switch Chassis - JC748A HP 10512 Switch Chassis - JG608A HP FlexFabric 11908-V Switch Chassis - JG609A HP FlexFabric 11900 Main Processing Unit - JG820A HP 10504 TAA Switch Chassis - JG821A HP 10508 TAA Switch Chassis - JG822A HP 10508-V TAA Switch Chassis - JG823A HP 10512 TAA Switch Chassis - JG496A HP 10500 Type A MPU w/Comware v7 OS - JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating System - JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System Main Processing Unit + **12900 (Comware 7) - Version: See Mitigation** * HP Network Products - JG619A HP FlexFabric 12910 Switch AC Chassis - JG621A HP FlexFabric 12910 Main Processing Unit - JG632A HP FlexFabric 12916 Switch AC Chassis - JG634A HP FlexFabric 12916 Main Processing Unit - JH104A HP FlexFabric 12900E Main Processing Unit - JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit - JH263A HP FlexFabric 12904E Main Processing Unit - JH255A HP FlexFabric 12908E Switch Chassis - JH262A HP FlexFabric 12904E Switch Chassis - JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis - JH103A HP FlexFabric 12916E Switch Chassis + **5900 (Comware 7) - Version: See Mitigation** * HP Network Products - JC772A HP 5900AF-48XG-4QSFP+ Switch - JG296A HP 5920AF-24XG Switch - JG336A HP 5900AF-48XGT-4QSFP+ Switch - JG510A HP 5900AF-48G-4XG-2QSFP+ Switch - JG554A HP 5900AF-48XG-4QSFP+ TAA Switch - JG555A HP 5920AF-24XG TAA Switch - JG838A HP FF 5900CP-48XG-4QSFP+ Switch - JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant - JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch - JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant + **MSR1000 (Comware 7) - Version: See Mitigation** * HP Network Products - JG875A HP MSR1002-4 AC Router - JH060A HP MSR1003-8S AC Router + **MSR2000 (Comware 7) - Version: See Mitigation** * HP Network Products - JG411A HP MSR2003 AC Router - JG734A HP MSR2004-24 AC Router - JG735A HP MSR2004-48 Router - JG866A HP MSR2003 TAA-compliant AC Router + **MSR3000 (Comware 7) - Version: See Mitigation** * HP Network Products - JG404A HP MSR3064 Router - JG405A HP MSR3044 Router - JG406A HP MSR3024 AC Router - JG407A HP MSR3024 DC Router - JG408A HP MSR3024 PoE Router - JG409A HP MSR3012 AC Router - JG410A HP MSR3012 DC Router - JG861A HP MSR3024 TAA-compliant AC Router + **MSR4000 (Comware 7) - Version: See Mitigation** * HP Network Products - JG402A HP MSR4080 Router Chassis - JG403A HP MSR4060 Router Chassis - JG412A HP MSR4000 MPU-100 Main Processing Unit - JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit + **VSR (Comware 7) - Version: See Mitigation** * HP Network Products - JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software - JG811AAE HP VSR1001 Comware 7 Virtual Services Router - JG812AAE HP VSR1004 Comware 7 Virtual Services Router - JG813AAE HP VSR1008 Comware 7 Virtual Services Router + **7900 (Comware 7) - Version: See Mitigation** * HP Network Products - JG682A HP FlexFabric 7904 Switch Chassis - JG841A HP FlexFabric 7910 Switch Chassis - JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit - JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit - JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis - JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis - JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main Processing Unit - JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main Processing Unit + **5130 (Comware 7) - Version: See Mitigation** * HP Network Products - JG932A HP 5130-24G-4SFP+ EI Switch - JG933A HP 5130-24G-SFP-4SFP+ EI Switch - JG934A HP 5130-48G-4SFP+ EI Switch - JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch - JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch - JG938A HP 5130-24G-2SFP+-2XGT EI Switch - JG939A HP 5130-48G-2SFP+-2XGT EI Switch - JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch - JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch - JG975A HP 5130-24G-4SFP+ EI Brazil Switch - JG976A HP 5130-48G-4SFP+ EI Brazil Switch - JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch - JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch + **6125XLG - Version: See Mitigation** * HP Network Products - 711307-B21 HP 6125XLG Blade Switch - 737230-B21 HP 6125XLG Blade Switch with TAA + **6127XLG - Version: See Mitigation** * HP Network Products - 787635 HP 6127XLG Blade Switch Opt Kit + **Moonshot - Version: See Mitigation** * HP Network Products - 786617-B21 - HP Moonshot-45Gc Switch Module - 704654-B21 - HP Moonshot-45XGc Switch Module - 786619-B21 - HP Moonshot-180XGc Switch Module + **5700 (Comware 7) - Version: See Mitigation** * HP Network Products - JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch - JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch - JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch - JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch - JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch - JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch + **5930 (Comware 7) - Version: See Mitigation** * HP Network Products - JG726A HP FlexFabric 5930 32QSFP+ Switch - JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch - JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch - JH179A HP FlexFabric 5930 4-slot Switch - JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch - JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch + **HSR6600 (Comware 7) - Version: See Mitigation** * HP Network Products - JG353A HP HSR6602-G Router - JG354A HP HSR6602-XG Router - JG776A HP HSR6602-G TAA-compliant Router - JG777A HP HSR6602-XG TAA-compliant Router + **HSR6800 (Comware 7) - Version: See Mitigation** * HP Network Products - JG361A HP HSR6802 Router Chassis - JG361B HP HSR6802 Router Chassis - JG362A HP HSR6804 Router Chassis - JG362B HP HSR6804 Router Chassis - JG363A HP HSR6808 Router Chassis - JG363B HP HSR6808 Router Chassis - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing - JH075A HP HSR6800 RSE-X3 Router Main Processing Unit + **1950 (Comware 7) - Version: See Mitigation** * HP Network Products - JG960A HP 1950-24G-4XG Switch - JG961A HP 1950-48G-2SFP+-2XGT Switch - JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch - JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch + **7500 (Comware 7) - Version: See Mitigation** * HP Network Products - JD238C HP 7510 Switch Chassis - JD239C HP 7506 Switch Chassis - JD240C HP 7503 Switch Chassis - JD242C HP 7502 Switch Chassis - JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only Main Processing Unit - JH208A HP 7502 Main Processing Unit - JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port 40GbE QSFP+ Main Processing Unit + **5950 (Comware 7) - Version: See Mitigation** * HP Network Products - JH321A HPE FlexFabric 5950 32QSFP28 Switch + **5940 (Comware 7) - Version: See Mitigation** * HP Network Products - JH390A HPE FlexFabric 5940 48SFP+ 6QSFP28 Switch - JH391A HPE FlexFabric 5940 48XGT 6QSFP28 Switch - JH394A HPE FlexFabric 5940 48XGT 6QSFP+ Switch - JH395A HPE FlexFabric 5940 48SFP+ 6QSFP+ Switch - JH396A HPE FlexFabric 5940 32QSFP+ Switch - JH397A HPE FlexFabric 5940 2-slot Switch - JH398A HPE FlexFabric 5940 4-slot Switch HISTORY Version:1 (rev.1) - 18 November 2016 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com. Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX Copyright 2016 Hewlett Packard Enterprise Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBCAAGBQJYLytTAAoJELXhAxt7SZaiMjYIAI4xgRNJCPqOZ40XLUNhxYrc HyqTd62PbcGOPTFya1qOo16V94eJ5id5oRHOtcrFjJKtDedDS6OoAe5HWYXvLEI3 0fEzCNjk9aHTcvuf2t17MGhS0Fk2JrZ0191RFONKuEkqgMmK0d44SGMrVXSA28Dj phW1dzm1HiJO0NPUOa+cYMhNt0+I7b+ulD6FdldNdqx4fNtlXiHvcRbF4Wffe2hD N2hlvx1Wu1iu2g75XPNPOPYhDRkyAm79P2HZGCUohQlhWsRgcJRnubojJBr7CMf9 2Ud7MwYL4jTKK/mFdim4ej/hwPn3SCb5ekhTUBFDlu2J2DjUYi2xDQgyQkhuUIg= =NGQO -----END PGP SIGNATURE----- . =========================================================== Ubuntu Security Notice USN-740-1 March 17, 2009 nss, firefox vulnerability CVE-2004-2761 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.10 Ubuntu 8.04 LTS Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libnss3 1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2 Ubuntu 7.10: libnss3-0d 3.11.5-3ubuntu0.7.10.2 Ubuntu 8.04 LTS: libnss3-0d 3.12.0.3-0ubuntu0.8.04.5 libnss3-1d 3.12.0.3-0ubuntu0.8.04.5 Ubuntu 8.10: libnss3-1d 3.12.0.3-0ubuntu5.8.10.1 After a standard system upgrade you need to restart your session to effect the necessary changes. This update blacklists the proof of concept rogue certificate authority as discussed in http://www.win.tue.nl/hashclash/rogue-ca/. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2.diff.gz Size/MD5: 188837 84bf6c0e34576e50daab0284028533bb http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2.dsc Size/MD5: 2389 abbe8becc260777f55315eb565f8d732 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.15~prepatch080614k.orig.tar.gz Size/MD5: 48504132 171958941a2ca0562039add097278245 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/f/firefox/mozilla-firefox_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_all.deb Size/MD5: 53898 025eab1318c7a90e48fb0a927bbbd433 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-firefox-dev_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_all.deb Size/MD5: 53014 87135a54ac04ea95a0a3c7dccb8a4d4e amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_amd64.deb Size/MD5: 47681092 19a313089bf1da267950c8f5b8d2d2df http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_amd64.deb Size/MD5: 2859292 f6a4b48f0e0e3250d83f0bf4183836f7 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_amd64.deb Size/MD5: 86270 0bd3983f76c7474d37018f26eee721f4 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_amd64.deb Size/MD5: 9494334 91c75d6baf740531224bed258c6622b9 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_amd64.deb Size/MD5: 222572 2779237df4dc1c30d8d2c01623eef1e3 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_amd64.deb Size/MD5: 166118 862f4a02164840c1d94228a396c2688c http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_amd64.deb Size/MD5: 248116 183208d5e43c3ddc117d6cbefc54a472 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_amd64.deb Size/MD5: 826574 2ff813a52cac4b3392f056b145129821 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_amd64.deb Size/MD5: 218858 2fcc1d909f4fdafaced1b1f737f83bf1 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_i386.deb Size/MD5: 44228668 5a244b5b731d0d703cb573e2db10b74b http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_i386.deb Size/MD5: 2859256 274033babbff1131a391ca71c19a6e6b http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_i386.deb Size/MD5: 78600 3e86ec8d1b73b8f7b822f12aaa56451a http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_i386.deb Size/MD5: 7997718 56cb9f85d34aa86721dcc36414b8f0e9 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_i386.deb Size/MD5: 222564 14edfb722d08b49930b901114b841c81 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_i386.deb Size/MD5: 150606 fa56606c4d002559ee41e965299b523a http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_i386.deb Size/MD5: 248106 58139d67e47359f9cb056ad29292d06d http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_i386.deb Size/MD5: 717824 ce294179ee0e0fcdea589e751548f04e http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_i386.deb Size/MD5: 212058 b3874b6f769aeafedce238b9a15e7b09 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_powerpc.deb Size/MD5: 49085684 a4ea3920e8120e9dc7138cf8e8595aa4 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_powerpc.deb Size/MD5: 2859352 dac458ed9e848ba8c64d0e18071149f8 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_powerpc.deb Size/MD5: 81686 228d420fc876cb95b6edad70d58c2c48 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_powerpc.deb Size/MD5: 9113232 7ba2b92dad312ca9d2186dac6380d638 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_powerpc.deb Size/MD5: 222564 9e89e2cc261f1c1b43e0b765e140d3d5 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_powerpc.deb Size/MD5: 163310 3ddb28abafbffe0943e25f48267df5f1 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_powerpc.deb Size/MD5: 248128 94da18de9bba74798a5ae257e85d882b http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_powerpc.deb Size/MD5: 817522 eb53d37dea9fce55780abda44b94ca89 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_powerpc.deb Size/MD5: 215556 779f90ccb4534487d2274536ac9279dd sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_sparc.deb Size/MD5: 45629214 b30a5365e327c4366ae3ea2b393e1d78 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_sparc.deb Size/MD5: 2859296 c7f225dc39717d6156b9163c7a8ddda0 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_sparc.deb Size/MD5: 80180 51ca826844fa46702feb9bbeb5c6e999 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_sparc.deb Size/MD5: 8499070 ee1fd111aa113ac50e5ea42dc85e1e77 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_sparc.deb Size/MD5: 222590 6a5621015d57ffbd93f92a8552d98e54 http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_sparc.deb Size/MD5: 153210 b7c4a9074a678fcaf70a4db7bcb8fd5d http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_sparc.deb Size/MD5: 248150 1273ab06f98bf861e4e66985add8685a http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_sparc.deb Size/MD5: 728698 cd5ba0f693710a604274d327d4724c88 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2_sparc.deb Size/MD5: 213030 fe7a017cd7f4a8a9064372e51f903263 Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.11.5-3ubuntu0.7.10.2.diff.gz Size/MD5: 23735 2c3b55fe3f316790d2174a56709723ad http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.11.5-3ubuntu0.7.10.2.dsc Size/MD5: 1925 9d9a2fa42ff8dcb452761d66e3238ef6 http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.11.5.orig.tar.gz Size/MD5: 3696893 1add44e6a41dbf5091cfd000f19ad6b9 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d-dbg_3.11.5-3ubuntu0.7.10.2_amd64.deb Size/MD5: 3143890 dad0155f293aff8a59d42086cef022c3 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.11.5-3ubuntu0.7.10.2_amd64.deb Size/MD5: 799588 70d491944efd2ce20cb839da11030b0e http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.11.5-3ubuntu0.7.10.2_amd64.deb Size/MD5: 241342 567c357ea31e0e1729db4738822aa7b0 http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.11.5-3ubuntu0.7.10.2_amd64.deb Size/MD5: 656372 a6868f642b5c295236c7df01dbc3f2d9 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d-dbg_3.11.5-3ubuntu0.7.10.2_i386.deb Size/MD5: 2995870 d4ea291de433c1768148f35a4f40e596 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.11.5-3ubuntu0.7.10.2_i386.deb Size/MD5: 723166 81b970c37e37b2bfe13bf8edf8b8c2df http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.11.5-3ubuntu0.7.10.2_i386.deb Size/MD5: 238436 a901d3b0431faa6bfd4d8b732fc6b8ed http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.11.5-3ubuntu0.7.10.2_i386.deb Size/MD5: 605568 f7a02ba6c2e65c2e3644f81e2e5add33 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d-dbg_3.11.5-3ubuntu0.7.10.2_lpia.deb Size/MD5: 3213428 32f032e4c5ebc8383d334e2de5b1e0b5 http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.11.5-3ubuntu0.7.10.2_lpia.deb Size/MD5: 709556 606d9ee62127ecad6620ce6ee2a351c1 http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.11.5-3ubuntu0.7.10.2_lpia.deb Size/MD5: 237148 526eb9b27871cee224d480ce8483d015 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.11.5-3ubuntu0.7.10.2_lpia.deb Size/MD5: 596394 35c4ef7f97a6934947760236b119d1f1 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d-dbg_3.11.5-3ubuntu0.7.10.2_powerpc.deb Size/MD5: 3168400 13560d02da9c481147177504476a3f21 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.11.5-3ubuntu0.7.10.2_powerpc.deb Size/MD5: 807892 5a0232d184bb4d87811974d61a902e17 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.11.5-3ubuntu0.7.10.2_powerpc.deb Size/MD5: 240514 9cfb4b3bace2f033b7c55ba571d0c4a1 http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.11.5-3ubuntu0.7.10.2_powerpc.deb Size/MD5: 645362 ccd118c24941759b0c2e758ae60b4ba5 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d-dbg_3.11.5-3ubuntu0.7.10.2_sparc.deb Size/MD5: 2834042 f884524281d9521e07b60c8bf9aa8074 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.11.5-3ubuntu0.7.10.2_sparc.deb Size/MD5: 718096 906896f0101a88bd6cb78ffdb103fe0e http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.11.5-3ubuntu0.7.10.2_sparc.deb Size/MD5: 235222 f679c8d076c15860a41c1e16b1d69ded http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.11.5-3ubuntu0.7.10.2_sparc.deb Size/MD5: 576390 75811d5dc9ddd1eca108bc50ffe3e911 Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.0.3-0ubuntu0.8.04.5.diff.gz Size/MD5: 38918 6fda80e067b0f84e323b3556b5f9dd18 http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.0.3-0ubuntu0.8.04.5.dsc Size/MD5: 2001 e9365c71192c0e568d5dd9891708e436 http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.0.3.orig.tar.gz Size/MD5: 5161407 9e96418400e073f982e83c235718c4e9 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.12.0.3-0ubuntu0.8.04.5_amd64.deb Size/MD5: 17910 7933180f37ce55969719730463fef4cb http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu0.8.04.5_amd64.deb Size/MD5: 4511304 1a241985ee6673075b8610bbb2be2902 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu0.8.04.5_amd64.deb Size/MD5: 1135226 fcc9b7555aac5a0ef0260aa639b7421a http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu0.8.04.5_amd64.deb Size/MD5: 256738 992898a7cce94822e29a3e0d5d318e46 http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu0.8.04.5_amd64.deb Size/MD5: 813730 542b82a7837b4a43191fd5862a97699e i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.12.0.3-0ubuntu0.8.04.5_i386.deb Size/MD5: 17894 3ea3554784b1242ce89f96bb631d0c4d http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu0.8.04.5_i386.deb Size/MD5: 4294520 d7eb7d334bd821d887e24d76d8e2804f http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu0.8.04.5_i386.deb Size/MD5: 1017710 7afd17b32bc5ce80babf2405488997e8 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu0.8.04.5_i386.deb Size/MD5: 253724 f7f8ad3723f384a657907016b8476c35 http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu0.8.04.5_i386.deb Size/MD5: 741278 ed53c68732f059a90a35310b68c4be88 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.0.3-0ubuntu0.8.04.5_lpia.deb Size/MD5: 17874 5e1a506010c923ba8a41129fef693344 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu0.8.04.5_lpia.deb Size/MD5: 4322188 cd5765f42aaffa32e20b0ac0510d9b6c http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu0.8.04.5_lpia.deb Size/MD5: 993934 313d088bd4a0a44fe05b762e33ef927d http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu0.8.04.5_lpia.deb Size/MD5: 252500 dcaf82868eaa0e3162a6a49fb6f512be http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu0.8.04.5_lpia.deb Size/MD5: 719648 8e422c9ee3dd5a062f547d36d6e2725c powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.0.3-0ubuntu0.8.04.5_powerpc.deb Size/MD5: 20352 144b270c8fc23407e1da27112151c952 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu0.8.04.5_powerpc.deb Size/MD5: 4440132 f89a7f34a199abd8e0d840bb011ca5bf http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu0.8.04.5_powerpc.deb Size/MD5: 1115852 d88c0295406e468f7ac1c087edb661dd http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu0.8.04.5_powerpc.deb Size/MD5: 255446 4eef63577fbaa5b611b0d9064c47ac6c http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu0.8.04.5_powerpc.deb Size/MD5: 777064 83ad19b301d2c1eceef6682cbad5a00d sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.0.3-0ubuntu0.8.04.5_sparc.deb Size/MD5: 17976 c763ceebcc3bf6371477809a8589cebf http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu0.8.04.5_sparc.deb Size/MD5: 4038136 bbb4ff75f73844f33727fada2ca730b4 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu0.8.04.5_sparc.deb Size/MD5: 995598 2785d368bbb6665eee586ac3fc3e453e http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu0.8.04.5_sparc.deb Size/MD5: 250450 a972e1131466d149480a574a57537c37 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu0.8.04.5_sparc.deb Size/MD5: 702432 d16a1353ba80d7104820f97c4f712334 Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.0.3-0ubuntu5.8.10.1.diff.gz Size/MD5: 38881 8be9f8eb187a657a743e115f58dbb58b http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.0.3-0ubuntu5.8.10.1.dsc Size/MD5: 2001 88381f73650cd5c2c369f387638ec40d http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.0.3.orig.tar.gz Size/MD5: 5161407 9e96418400e073f982e83c235718c4e9 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu5.8.10.1_amd64.deb Size/MD5: 4696732 5e2844909ee8896f71548c37f7ab711f http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu5.8.10.1_amd64.deb Size/MD5: 1182642 6f73554c7970e2c0e3da7dcddf8d4d7f http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu5.8.10.1_amd64.deb Size/MD5: 256520 808f5ff374081b1fd7f981699e267828 http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.0.3-0ubuntu5.8.10.1_amd64.deb Size/MD5: 17962 63411a0d50d9fa340f688c7a5cec33ae http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu5.8.10.1_amd64.deb Size/MD5: 824382 367bbe2bf29f17c4fa5b085142e0bc8f i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu5.8.10.1_i386.deb Size/MD5: 4450042 bb8560c5208a6f4d2a121a93d7ff7bac http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu5.8.10.1_i386.deb Size/MD5: 1054914 1f7cbdc5e0776b8c2fc92241776bd96e http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu5.8.10.1_i386.deb Size/MD5: 253554 c1cc8fff73ef7b34dadc6fea411bc7db http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.0.3-0ubuntu5.8.10.1_i386.deb Size/MD5: 17940 b3577f334ed9f5a95c6fdbdd4de83ef4 http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu5.8.10.1_i386.deb Size/MD5: 752462 703f7bd356efc312f216e361209ef3a7 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu5.8.10.1_lpia.deb Size/MD5: 4482980 c27f13a5f5aba10c93b2dda917c1ba31 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu5.8.10.1_lpia.deb Size/MD5: 1029092 3b2805f79d61b595907187846da18a54 http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu5.8.10.1_lpia.deb Size/MD5: 252140 06b18884a6e275a5fc9a73abd1464875 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.0.3-0ubuntu5.8.10.1_lpia.deb Size/MD5: 17914 28d1eeaac6ba2f9c17da9a9a6ea35fdd http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu5.8.10.1_lpia.deb Size/MD5: 730786 e1497e0cbdf8d7c3ac4c6e80e86837bf powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu5.8.10.1_powerpc.deb Size/MD5: 4659468 ceb162226c93c950c71d2f0236b9d53e http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu5.8.10.1_powerpc.deb Size/MD5: 1137358 f61287d145339ece156686d86a971480 http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu5.8.10.1_powerpc.deb Size/MD5: 255312 d7787174c0d6b25467b0f1262306be06 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.0.3-0ubuntu5.8.10.1_powerpc.deb Size/MD5: 20352 082622bc3e21161a1085695bd4f8f961 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu5.8.10.1_powerpc.deb Size/MD5: 775316 78ca70e113bd97d42f62e19e0ac8fdb1 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.0.3-0ubuntu5.8.10.1_sparc.deb Size/MD5: 4168250 b9f3c0b8eab76476c9bb057b43d9df40 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.0.3-0ubuntu5.8.10.1_sparc.deb Size/MD5: 1015340 5dd83c288df733b6a84247b48d945647 http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.0.3-0ubuntu5.8.10.1_sparc.deb Size/MD5: 250138 f6a1dd454cc44a4684ab288e9eadde56 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.0.3-0ubuntu5.8.10.1_sparc.deb Size/MD5: 18068 27f0453909db6eda6d8ffd3ef35454c9 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.0.3-0ubuntu5.8.10.1_sparc.deb Size/MD5: 703524 e87fca0b128626aebf5bce77473ee8e0
var-202001-1433 When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. Firefox and Thunderbird Contains an out-of-bounds write vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. ========================================================================= Ubuntu Security Notice USN-4203-2 November 27, 2019 nss vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 ESM - Ubuntu 12.04 ESM Summary: NSS could be made to crash or run programs if it received specially crafted input. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that NSS incorrectly handled certain memory operations. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202003-37 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Mozilla Network Security Service: Multiple vulnerabilities Date: March 16, 2020 Bugs: #627534, #676868, #701840 ID: 202003-37 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Mozilla Network Security Service (NSS), the worst of which may lead to arbitrary code execution. Please review the CVE identifiers referenced below for details. Impact ====== An attacker could execute arbitrary code, cause a Denial of Service condition or have other unspecified impact. Workaround ========== There is no known workaround at this time. Resolution ========== All Mozilla Network Security Service (NSS) users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/nss-3.49" References ========== [ 1 ] CVE-2017-11695 https://nvd.nist.gov/vuln/detail/CVE-2017-11695 [ 2 ] CVE-2017-11696 https://nvd.nist.gov/vuln/detail/CVE-2017-11696 [ 3 ] CVE-2017-11697 https://nvd.nist.gov/vuln/detail/CVE-2017-11697 [ 4 ] CVE-2017-11698 https://nvd.nist.gov/vuln/detail/CVE-2017-11698 [ 5 ] CVE-2018-18508 https://nvd.nist.gov/vuln/detail/CVE-2018-18508 [ 6 ] CVE-2019-11745 https://nvd.nist.gov/vuln/detail/CVE-2019-11745 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202003-37 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: nss, nss-softokn, nss-util security update Advisory ID: RHSA-2019:4190-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:4190 Issue date: 2019-12-10 CVE Names: CVE-2019-11729 CVE-2019-11745 ==================================================================== 1. Summary: An update for nss, nss-softokn, and nss-util is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-softokn package provides the Network Security Services Softoken Cryptographic Module. The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries. Security Fix(es): * nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745) * nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (CVE-2019-11729) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing this update, applications using NSS (for example, Firefox) must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1728437 - CVE-2019-11729 nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault 1774831 - CVE-2019-11745 nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: nss-3.44.0-7.el7_7.src.rpm nss-softokn-3.44.0-8.el7_7.src.rpm nss-util-3.44.0-4.el7_7.src.rpm x86_64: nss-3.44.0-7.el7_7.i686.rpm nss-3.44.0-7.el7_7.x86_64.rpm nss-debuginfo-3.44.0-7.el7_7.i686.rpm nss-debuginfo-3.44.0-7.el7_7.x86_64.rpm nss-softokn-3.44.0-8.el7_7.i686.rpm nss-softokn-3.44.0-8.el7_7.x86_64.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.i686.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.x86_64.rpm nss-softokn-freebl-3.44.0-8.el7_7.i686.rpm nss-softokn-freebl-3.44.0-8.el7_7.x86_64.rpm nss-sysinit-3.44.0-7.el7_7.x86_64.rpm nss-tools-3.44.0-7.el7_7.x86_64.rpm nss-util-3.44.0-4.el7_7.i686.rpm nss-util-3.44.0-4.el7_7.x86_64.rpm nss-util-debuginfo-3.44.0-4.el7_7.i686.rpm nss-util-debuginfo-3.44.0-4.el7_7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: nss-debuginfo-3.44.0-7.el7_7.i686.rpm nss-debuginfo-3.44.0-7.el7_7.x86_64.rpm nss-devel-3.44.0-7.el7_7.i686.rpm nss-devel-3.44.0-7.el7_7.x86_64.rpm nss-pkcs11-devel-3.44.0-7.el7_7.i686.rpm nss-pkcs11-devel-3.44.0-7.el7_7.x86_64.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.i686.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.x86_64.rpm nss-softokn-devel-3.44.0-8.el7_7.i686.rpm nss-softokn-devel-3.44.0-8.el7_7.x86_64.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.i686.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.x86_64.rpm nss-util-debuginfo-3.44.0-4.el7_7.i686.rpm nss-util-debuginfo-3.44.0-4.el7_7.x86_64.rpm nss-util-devel-3.44.0-4.el7_7.i686.rpm nss-util-devel-3.44.0-4.el7_7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: nss-3.44.0-7.el7_7.src.rpm nss-softokn-3.44.0-8.el7_7.src.rpm nss-util-3.44.0-4.el7_7.src.rpm x86_64: nss-3.44.0-7.el7_7.i686.rpm nss-3.44.0-7.el7_7.x86_64.rpm nss-debuginfo-3.44.0-7.el7_7.i686.rpm nss-debuginfo-3.44.0-7.el7_7.x86_64.rpm nss-softokn-3.44.0-8.el7_7.i686.rpm nss-softokn-3.44.0-8.el7_7.x86_64.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.i686.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.x86_64.rpm nss-softokn-freebl-3.44.0-8.el7_7.i686.rpm nss-softokn-freebl-3.44.0-8.el7_7.x86_64.rpm nss-sysinit-3.44.0-7.el7_7.x86_64.rpm nss-tools-3.44.0-7.el7_7.x86_64.rpm nss-util-3.44.0-4.el7_7.i686.rpm nss-util-3.44.0-4.el7_7.x86_64.rpm nss-util-debuginfo-3.44.0-4.el7_7.i686.rpm nss-util-debuginfo-3.44.0-4.el7_7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: nss-debuginfo-3.44.0-7.el7_7.i686.rpm nss-debuginfo-3.44.0-7.el7_7.x86_64.rpm nss-devel-3.44.0-7.el7_7.i686.rpm nss-devel-3.44.0-7.el7_7.x86_64.rpm nss-pkcs11-devel-3.44.0-7.el7_7.i686.rpm nss-pkcs11-devel-3.44.0-7.el7_7.x86_64.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.i686.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.x86_64.rpm nss-softokn-devel-3.44.0-8.el7_7.i686.rpm nss-softokn-devel-3.44.0-8.el7_7.x86_64.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.i686.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.x86_64.rpm nss-util-debuginfo-3.44.0-4.el7_7.i686.rpm nss-util-debuginfo-3.44.0-4.el7_7.x86_64.rpm nss-util-devel-3.44.0-4.el7_7.i686.rpm nss-util-devel-3.44.0-4.el7_7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: nss-3.44.0-7.el7_7.src.rpm nss-softokn-3.44.0-8.el7_7.src.rpm nss-util-3.44.0-4.el7_7.src.rpm ppc64: nss-3.44.0-7.el7_7.ppc.rpm nss-3.44.0-7.el7_7.ppc64.rpm nss-debuginfo-3.44.0-7.el7_7.ppc.rpm nss-debuginfo-3.44.0-7.el7_7.ppc64.rpm nss-devel-3.44.0-7.el7_7.ppc.rpm nss-devel-3.44.0-7.el7_7.ppc64.rpm nss-softokn-3.44.0-8.el7_7.ppc.rpm nss-softokn-3.44.0-8.el7_7.ppc64.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.ppc.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.ppc64.rpm nss-softokn-devel-3.44.0-8.el7_7.ppc.rpm nss-softokn-devel-3.44.0-8.el7_7.ppc64.rpm nss-softokn-freebl-3.44.0-8.el7_7.ppc.rpm nss-softokn-freebl-3.44.0-8.el7_7.ppc64.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.ppc.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.ppc64.rpm nss-sysinit-3.44.0-7.el7_7.ppc64.rpm nss-tools-3.44.0-7.el7_7.ppc64.rpm nss-util-3.44.0-4.el7_7.ppc.rpm nss-util-3.44.0-4.el7_7.ppc64.rpm nss-util-debuginfo-3.44.0-4.el7_7.ppc.rpm nss-util-debuginfo-3.44.0-4.el7_7.ppc64.rpm nss-util-devel-3.44.0-4.el7_7.ppc.rpm nss-util-devel-3.44.0-4.el7_7.ppc64.rpm ppc64le: nss-3.44.0-7.el7_7.ppc64le.rpm nss-debuginfo-3.44.0-7.el7_7.ppc64le.rpm nss-devel-3.44.0-7.el7_7.ppc64le.rpm nss-softokn-3.44.0-8.el7_7.ppc64le.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.ppc64le.rpm nss-softokn-devel-3.44.0-8.el7_7.ppc64le.rpm nss-softokn-freebl-3.44.0-8.el7_7.ppc64le.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.ppc64le.rpm nss-sysinit-3.44.0-7.el7_7.ppc64le.rpm nss-tools-3.44.0-7.el7_7.ppc64le.rpm nss-util-3.44.0-4.el7_7.ppc64le.rpm nss-util-debuginfo-3.44.0-4.el7_7.ppc64le.rpm nss-util-devel-3.44.0-4.el7_7.ppc64le.rpm s390x: nss-3.44.0-7.el7_7.s390.rpm nss-3.44.0-7.el7_7.s390x.rpm nss-debuginfo-3.44.0-7.el7_7.s390.rpm nss-debuginfo-3.44.0-7.el7_7.s390x.rpm nss-devel-3.44.0-7.el7_7.s390.rpm nss-devel-3.44.0-7.el7_7.s390x.rpm nss-softokn-3.44.0-8.el7_7.s390.rpm nss-softokn-3.44.0-8.el7_7.s390x.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.s390.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.s390x.rpm nss-softokn-devel-3.44.0-8.el7_7.s390.rpm nss-softokn-devel-3.44.0-8.el7_7.s390x.rpm nss-softokn-freebl-3.44.0-8.el7_7.s390.rpm nss-softokn-freebl-3.44.0-8.el7_7.s390x.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.s390.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.s390x.rpm nss-sysinit-3.44.0-7.el7_7.s390x.rpm nss-tools-3.44.0-7.el7_7.s390x.rpm nss-util-3.44.0-4.el7_7.s390.rpm nss-util-3.44.0-4.el7_7.s390x.rpm nss-util-debuginfo-3.44.0-4.el7_7.s390.rpm nss-util-debuginfo-3.44.0-4.el7_7.s390x.rpm nss-util-devel-3.44.0-4.el7_7.s390.rpm nss-util-devel-3.44.0-4.el7_7.s390x.rpm x86_64: nss-3.44.0-7.el7_7.i686.rpm nss-3.44.0-7.el7_7.x86_64.rpm nss-debuginfo-3.44.0-7.el7_7.i686.rpm nss-debuginfo-3.44.0-7.el7_7.x86_64.rpm nss-devel-3.44.0-7.el7_7.i686.rpm nss-devel-3.44.0-7.el7_7.x86_64.rpm nss-softokn-3.44.0-8.el7_7.i686.rpm nss-softokn-3.44.0-8.el7_7.x86_64.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.i686.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.x86_64.rpm nss-softokn-devel-3.44.0-8.el7_7.i686.rpm nss-softokn-devel-3.44.0-8.el7_7.x86_64.rpm nss-softokn-freebl-3.44.0-8.el7_7.i686.rpm nss-softokn-freebl-3.44.0-8.el7_7.x86_64.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.i686.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.x86_64.rpm nss-sysinit-3.44.0-7.el7_7.x86_64.rpm nss-tools-3.44.0-7.el7_7.x86_64.rpm nss-util-3.44.0-4.el7_7.i686.rpm nss-util-3.44.0-4.el7_7.x86_64.rpm nss-util-debuginfo-3.44.0-4.el7_7.i686.rpm nss-util-debuginfo-3.44.0-4.el7_7.x86_64.rpm nss-util-devel-3.44.0-4.el7_7.i686.rpm nss-util-devel-3.44.0-4.el7_7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: nss-debuginfo-3.44.0-7.el7_7.ppc.rpm nss-debuginfo-3.44.0-7.el7_7.ppc64.rpm nss-pkcs11-devel-3.44.0-7.el7_7.ppc.rpm nss-pkcs11-devel-3.44.0-7.el7_7.ppc64.rpm ppc64le: nss-debuginfo-3.44.0-7.el7_7.ppc64le.rpm nss-pkcs11-devel-3.44.0-7.el7_7.ppc64le.rpm s390x: nss-debuginfo-3.44.0-7.el7_7.s390.rpm nss-debuginfo-3.44.0-7.el7_7.s390x.rpm nss-pkcs11-devel-3.44.0-7.el7_7.s390.rpm nss-pkcs11-devel-3.44.0-7.el7_7.s390x.rpm x86_64: nss-debuginfo-3.44.0-7.el7_7.i686.rpm nss-debuginfo-3.44.0-7.el7_7.x86_64.rpm nss-pkcs11-devel-3.44.0-7.el7_7.i686.rpm nss-pkcs11-devel-3.44.0-7.el7_7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: nss-3.44.0-7.el7_7.src.rpm nss-softokn-3.44.0-8.el7_7.src.rpm nss-util-3.44.0-4.el7_7.src.rpm x86_64: nss-3.44.0-7.el7_7.i686.rpm nss-3.44.0-7.el7_7.x86_64.rpm nss-debuginfo-3.44.0-7.el7_7.i686.rpm nss-debuginfo-3.44.0-7.el7_7.x86_64.rpm nss-devel-3.44.0-7.el7_7.i686.rpm nss-devel-3.44.0-7.el7_7.x86_64.rpm nss-softokn-3.44.0-8.el7_7.i686.rpm nss-softokn-3.44.0-8.el7_7.x86_64.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.i686.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.x86_64.rpm nss-softokn-devel-3.44.0-8.el7_7.i686.rpm nss-softokn-devel-3.44.0-8.el7_7.x86_64.rpm nss-softokn-freebl-3.44.0-8.el7_7.i686.rpm nss-softokn-freebl-3.44.0-8.el7_7.x86_64.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.i686.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.x86_64.rpm nss-sysinit-3.44.0-7.el7_7.x86_64.rpm nss-tools-3.44.0-7.el7_7.x86_64.rpm nss-util-3.44.0-4.el7_7.i686.rpm nss-util-3.44.0-4.el7_7.x86_64.rpm nss-util-debuginfo-3.44.0-4.el7_7.i686.rpm nss-util-debuginfo-3.44.0-4.el7_7.x86_64.rpm nss-util-devel-3.44.0-4.el7_7.i686.rpm nss-util-devel-3.44.0-4.el7_7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: nss-debuginfo-3.44.0-7.el7_7.i686.rpm nss-debuginfo-3.44.0-7.el7_7.x86_64.rpm nss-pkcs11-devel-3.44.0-7.el7_7.i686.rpm nss-pkcs11-devel-3.44.0-7.el7_7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-11729 https://access.redhat.com/security/cve/CVE-2019-11745 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXe/GMNzjgjWX9erEAQjtKBAAk1TZvBRRA8ZC4B0U49uerK/eMM24Q4xR PQWxuobDF/YzpJVZqDolO6CfRTBSnDHEuc/OkK0fC8Yskk0T9cp0DWAkHnUal0wB Zmd61xW4IGSHtEH+g7K8Rv0q8Mto5AeC1hggOwT+0INvRAAa/Qm0c7m0+OSyLIZi lgk9DLa+srY/6Z2wETS4b7DQiUA2nXegb7CbbnM0Mo2aooPeljsq6pkvyZy2Na0/ MMl/Xo8BWqU0lGrIBgVmrNRLMVkDJfVm7wSvBLaYk9EP758DfRLikm+GpGCowFUf +60rIxp1iG4Hto7BqusUwmJmdw6fDGeoJSX/qQu3ZHFbpEsd9HCzzGKg9QFmF/yY N4RWrM4KRMwqHG4qTpDYypKDn5QCGzh1dZuYQJ2gYLmHCBnTzrV0bDJtrzbUWwTx eFX1YLv4Vw6oYwT1cAx3Ho2B3kpufVezAzfUhtw8uj20Ix1B0NHDcCszNAFWrE8T QZ4BVVAzjl6xJoZSnjIQ+aBe3zVBW5P6yBhnqWUxS0VuGS3gbS6uPBMusr81sGK6 TjvPP+l8Ss6DQJic42+xruw8g8XqDqnUv3V12iTcOhqPtM7vmzExdMX5wXJ48lo9 Yl6UYkr6P4pM/vNQjgqD7UGud2ILthlwKzqdg9l4DZiA4pctAvAQtgEaL6783OK6 7R6thlrPkII=KHlQ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 6) - i386, x86_64 3. 8) - aarch64, ppc64le, s390x, x86_64 3. 8.0) - ppc64le, x86_64 3. For the stable distribution (buster), these problems have been fixed in version 2:3.42.1-1+deb10u2. We recommend that you upgrade your nss packages. For the detailed security status of nss please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nss Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl3qzaYACgkQEMKTtsN8 TjZ7yg//SABSzXoip0pAHIT9lNxDFNL44E27iqRWeurCyfxnQNvNaeShakiTj1Yj sSb2pqo0+gGLsUgtQdKKc8yeOERvuihWRoVDroW7onYG93vpsZ1H8Z7HSEJOGMQl Bt/HcjayCfXrA313/B5SBTiKE/Ks4CvYQvk+BrFwjFEUoYhXzxXwfUIxym1L8+gq jG3Qsh38iOFhrXfXBe2PGaUGU6AVcS/BGTam31s1g54mta4a+obIbvvQu3MGHJLH UTTcVPy7PhK5dofufbJXo1QGqfgdLxsvZAqhcyU1cXBZa7k18Ykts9jKukwoDZV0 hR2jISnOddovQWdPWLqz/ENOTIkY8Ue5/cPIaQ+I9tAL2JOBHBmddP+WeqBxpO8o DpP+4EILROZQ5g+WjLT1Twsje3NJQYx6z7YmXo/0N0ELM+81Sono1wKTgegVBa0F 8eET2FDW45sKFOGV1QTTI5F1mSmgSHiTdtVl/riuzdWrdig8316dByz994dZD+Co TgMiALJWwiVDY6XHHrPwzmvqNoqlcUvNgh4v7tRkTL/YjlHxD+x8R08sRaVo5gqz Z4CyLaP1ByO0X/i4dkuVtD5kIX9GlqLRYkUSnOBhwaoPr7ZgZBCnJfyQixsME1L5 yOg6+j//ncYos+KWeb1upZdUHHB340UmTxbEtECa7jfanMcrtpw= =QZmZ -----END PGP SIGNATURE-----
var-202109-1804 A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive). The server is fast, reliable and extensible through a simple API. Apache HTTP Server has a denial of service vulnerability in versions 2.4.30 to 2.4.48, which is caused by the network system or product not properly validating the input data. An out-of-bounds read in mod_proxy_uwsgi of httpd allows a remote unauthenticated malicious user to crash the service through a crafted request. The highest threat from this vulnerability is to system availability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: httpd24-httpd security and bug fix update Advisory ID: RHSA-2022:6753-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2022:6753 Issue date: 2022-09-29 CVE Names: CVE-2021-33193 CVE-2021-34798 CVE-2021-36160 CVE-2021-39275 CVE-2021-44224 CVE-2022-22719 CVE-2022-22721 CVE-2022-23943 CVE-2022-26377 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30522 CVE-2022-30556 CVE-2022-31813 ===================================================================== 1. Summary: An update for httpd24-httpd is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 3. Security Fix(es): * httpd: mod_sed: Read/write beyond bounds (CVE-2022-23943) * httpd: Request splitting via HTTP/2 method injection and mod_proxy (CVE-2021-33193) * httpd: NULL pointer dereference via malformed requests (CVE-2021-34798) * httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path (CVE-2021-36160) * httpd: Out-of-bounds write in ap_escape_quotes() via malicious input (CVE-2021-39275) * httpd: possible NULL dereference or SSRF in forward proxy configurations (CVE-2021-44224) * httpd: mod_lua: Use of uninitialized value of in r:parsebody (CVE-2022-22719) * httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody (CVE-2022-22721) * httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-26377) * httpd: mod_lua: DoS in r:parsebody (CVE-2022-29404) * httpd: mod_sed: DoS vulnerability (CVE-2022-30522) * httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism (CVE-2022-31813) * httpd: out-of-bounds read via ap_rwrite() (CVE-2022-28614) * httpd: out-of-bounds read in ap_strcmp_match() (CVE-2022-28615) * httpd: mod_lua: Information disclosure with websockets (CVE-2022-30556) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * proxy rewrite to unix socket fails with CVE-2021-40438 fix (BZ#2022319) Additional changes: * To fix CVE-2022-29404, the default value for the "LimitRequestBody" directive in the Apache HTTP Server has been changed from 0 (unlimited) to 1 GiB. On systems where the value of "LimitRequestBody" is not explicitly specified in an httpd configuration file, updating the httpd package sets "LimitRequestBody" to the default value of 1 GiB. As a consequence, if the total size of the HTTP request body exceeds this 1 GiB default limit, httpd returns the 413 Request Entity Too Large error code. If the new default allowed size of an HTTP request message body is insufficient for your use case, update your httpd configuration files within the respective context (server, per-directory, per-file, or per-location) and set your preferred limit in bytes. For example, to set a new 2 GiB limit, use: LimitRequestBody 2147483648 Systems already configured to use any explicit value for the "LimitRequestBody" directive are unaffected by this change. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the updated packages, the httpd daemon will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1966728 - CVE-2021-33193 httpd: Request splitting via HTTP/2 method injection and mod_proxy 2005119 - CVE-2021-39275 httpd: Out-of-bounds write in ap_escape_quotes() via malicious input 2005124 - CVE-2021-36160 httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path 2005128 - CVE-2021-34798 httpd: NULL pointer dereference via malformed requests 2034672 - CVE-2021-44224 httpd: possible NULL dereference or SSRF in forward proxy configurations 2064319 - CVE-2022-23943 httpd: mod_sed: Read/write beyond bounds 2064320 - CVE-2022-22721 httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody 2064322 - CVE-2022-22719 httpd: mod_lua: Use of uninitialized value of in r:parsebody 2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request smuggling 2095002 - CVE-2022-28614 httpd: out-of-bounds read via ap_rwrite() 2095006 - CVE-2022-28615 httpd: out-of-bounds read in ap_strcmp_match() 2095012 - CVE-2022-29404 httpd: mod_lua: DoS in r:parsebody 2095015 - CVE-2022-30522 httpd: mod_sed: DoS vulnerability 2095018 - CVE-2022-30556 httpd: mod_lua: Information disclosure with websockets 2095020 - CVE-2022-31813 httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism 6. Package List: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: httpd24-httpd-2.4.34-23.el7.5.src.rpm noarch: httpd24-httpd-manual-2.4.34-23.el7.5.noarch.rpm ppc64le: httpd24-httpd-2.4.34-23.el7.5.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-23.el7.5.ppc64le.rpm httpd24-httpd-devel-2.4.34-23.el7.5.ppc64le.rpm httpd24-httpd-tools-2.4.34-23.el7.5.ppc64le.rpm httpd24-mod_ldap-2.4.34-23.el7.5.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-23.el7.5.ppc64le.rpm httpd24-mod_session-2.4.34-23.el7.5.ppc64le.rpm httpd24-mod_ssl-2.4.34-23.el7.5.ppc64le.rpm s390x: httpd24-httpd-2.4.34-23.el7.5.s390x.rpm httpd24-httpd-debuginfo-2.4.34-23.el7.5.s390x.rpm httpd24-httpd-devel-2.4.34-23.el7.5.s390x.rpm httpd24-httpd-tools-2.4.34-23.el7.5.s390x.rpm httpd24-mod_ldap-2.4.34-23.el7.5.s390x.rpm httpd24-mod_proxy_html-2.4.34-23.el7.5.s390x.rpm httpd24-mod_session-2.4.34-23.el7.5.s390x.rpm httpd24-mod_ssl-2.4.34-23.el7.5.s390x.rpm x86_64: httpd24-httpd-2.4.34-23.el7.5.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-23.el7.5.x86_64.rpm httpd24-httpd-devel-2.4.34-23.el7.5.x86_64.rpm httpd24-httpd-tools-2.4.34-23.el7.5.x86_64.rpm httpd24-mod_ldap-2.4.34-23.el7.5.x86_64.rpm httpd24-mod_proxy_html-2.4.34-23.el7.5.x86_64.rpm httpd24-mod_session-2.4.34-23.el7.5.x86_64.rpm httpd24-mod_ssl-2.4.34-23.el7.5.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7): Source: httpd24-httpd-2.4.34-23.el7.5.src.rpm noarch: httpd24-httpd-manual-2.4.34-23.el7.5.noarch.rpm x86_64: httpd24-httpd-2.4.34-23.el7.5.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-23.el7.5.x86_64.rpm httpd24-httpd-devel-2.4.34-23.el7.5.x86_64.rpm httpd24-httpd-tools-2.4.34-23.el7.5.x86_64.rpm httpd24-mod_ldap-2.4.34-23.el7.5.x86_64.rpm httpd24-mod_proxy_html-2.4.34-23.el7.5.x86_64.rpm httpd24-mod_session-2.4.34-23.el7.5.x86_64.rpm httpd24-mod_ssl-2.4.34-23.el7.5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-33193 https://access.redhat.com/security/cve/CVE-2021-34798 https://access.redhat.com/security/cve/CVE-2021-36160 https://access.redhat.com/security/cve/CVE-2021-39275 https://access.redhat.com/security/cve/CVE-2021-44224 https://access.redhat.com/security/cve/CVE-2022-22719 https://access.redhat.com/security/cve/CVE-2022-22721 https://access.redhat.com/security/cve/CVE-2022-23943 https://access.redhat.com/security/cve/CVE-2022-26377 https://access.redhat.com/security/cve/CVE-2022-28614 https://access.redhat.com/security/cve/CVE-2022-28615 https://access.redhat.com/security/cve/CVE-2022-29404 https://access.redhat.com/security/cve/CVE-2022-30522 https://access.redhat.com/security/cve/CVE-2022-30556 https://access.redhat.com/security/cve/CVE-2022-31813 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/articles/6975397 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYzXoqNzjgjWX9erEAQhSKA//d1V5w3Dbdd0R1QxlXMIweLpztJrkXpmN EY7WAFIMy0MG64KNjZFF5i4USpUlCm/tZX/fHZas4JjhZBqLxNSqsOdPeynDqp+8 qZnnGiIhyO37S7x5v89VSaWngLpTi2f0d7RmJ05VJzAP8Q0a9cTqtIZiCsM18tTg BdoD1M/VWUhtPWCzgXiQVI8yF44IOenN2095OCv1Vxc3kiwQdbWcd7Uqz2TgVQ1m qeqh9AHqaDTwHVM9Ipj5oGp1Ue5zsyAEd77ClBCAzP3p7bWucfTErDrUSE3/hkDm H8BlPVPaOsRv0poFvvCODQhccC2bFc3uxoKzfSx+/WwkrU7vO/5/npmOfcwKfvBQ FYqhqADiUcfpJGENligpNAHLI+Pijrl2Tfwl0XbDa8+7KXQ0T75VG3Gq7dFlPcUm 965hFguLI0es2FpGcJldEqsc1XJxdkPmzTYhqDWLLED5X72dwQdtKwhMaFFVctK+ KyspQqaci6bVr9ETF89r0ZBmnxXjSIY7/ijySy0KnldW25t+ZGmLV4pM3CYb7ZVz qEm9I/oRD0JB/4C5Bk9j5nWF3gzE2MhYfeepqINGIbfvNPiP8G2LFL/CEz46isF9 rFUT/az/p5mdNEwwe5GhEgLkpk0fhcZiAtJ4bGRcJ9YRURh5rrMPtXmXP5THoMau 3VmN11LnfT4= =pvMD -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . For the oldstable distribution (buster), these problems have been fixed in version 2.4.38-3+deb10u6. For the stable distribution (bullseye), these problems have been fixed in version 2.4.51-1~deb11u1. We recommend that you upgrade your apache2 packages. For the detailed security status of apache2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/apache2 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmFgr44ACgkQEMKTtsN8 TjbophAAiZ+fhF2r8BUbQkL8BhpfqjA+hVsp9WEMTn8Gq6kiW0wLvK3jWPM301Ou D4gHqKmFPmYNC1KBOyk/lJdxyD7iTUweUyLi3WXzxhIDMx0kxkRw1oXlyCHzIqSJ M277bgk32h2cDCbsXjrN/8agKPcKgfwDqiyf/igfEq6V8OB2zVvJPKVFq45n54+q 4FPXSyx1g2u5ewSeXbU2uHDej6Qborui4osDdbwx8CT6aETi0cIXJ8RbXF3PUCHG 5DzZagnRq6GumPsl01jcPu7b9Ck8MlkxMSG3FRsSIJVkwpsQ2C34ywIJkFlzUZZh jhdVUrfbyfLpSdcPcipAAjl9I6gDqa9SFdMRK7ixCpQ6iTiVeDZdJ8pA4jnSweNQ THik07di9R0juX0p7peQiIyBKrEf7Y3WSvLOn0SBKXvZnzc/72rH2nP5FclsgCsV TWxptziGridC43KB8/tDJAAOXVF2lzylzF70V/UGTNo1jk9w3/p6btU1iuzKspyY Y4aPZla3DImI8mezrgFrGYNg7bZYLKuJyGDADKih2sUQpzmDZ6MJxKAE3NLRWyQa 7cCJdoNR9yVqytEw1Y/ZRXAXWfMb3Y1ts2EqR8hzLQgMYb0JC58cLMG3T0RgyPoO A4CTIoYpK1WnsykAE8M4XFrnOW3lrtse6T8N/dTVMuodElAEhc0= =/At6 -----END PGP SIGNATURE----- . This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-20 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Apache HTTPD: Multiple Vulnerabilities Date: August 14, 2022 Bugs: #813429, #816399, #816864, #829722, #835131, #850622 ID: 202208-20 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been discovered in Apache Webserver, the worst of which could result in remote code execution. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All Apache HTTPD users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.54" All Apache HTTPD tools users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-admin/apache-tools-2.4.54" References ========= [ 1 ] CVE-2021-33193 https://nvd.nist.gov/vuln/detail/CVE-2021-33193 [ 2 ] CVE-2021-34798 https://nvd.nist.gov/vuln/detail/CVE-2021-34798 [ 3 ] CVE-2021-36160 https://nvd.nist.gov/vuln/detail/CVE-2021-36160 [ 4 ] CVE-2021-39275 https://nvd.nist.gov/vuln/detail/CVE-2021-39275 [ 5 ] CVE-2021-40438 https://nvd.nist.gov/vuln/detail/CVE-2021-40438 [ 6 ] CVE-2021-41524 https://nvd.nist.gov/vuln/detail/CVE-2021-41524 [ 7 ] CVE-2021-41773 https://nvd.nist.gov/vuln/detail/CVE-2021-41773 [ 8 ] CVE-2021-42013 https://nvd.nist.gov/vuln/detail/CVE-2021-42013 [ 9 ] CVE-2021-44224 https://nvd.nist.gov/vuln/detail/CVE-2021-44224 [ 10 ] CVE-2021-44790 https://nvd.nist.gov/vuln/detail/CVE-2021-44790 [ 11 ] CVE-2022-22719 https://nvd.nist.gov/vuln/detail/CVE-2022-22719 [ 12 ] CVE-2022-22720 https://nvd.nist.gov/vuln/detail/CVE-2022-22720 [ 13 ] CVE-2022-22721 https://nvd.nist.gov/vuln/detail/CVE-2022-22721 [ 14 ] CVE-2022-23943 https://nvd.nist.gov/vuln/detail/CVE-2022-23943 [ 15 ] CVE-2022-26377 https://nvd.nist.gov/vuln/detail/CVE-2022-26377 [ 16 ] CVE-2022-28614 https://nvd.nist.gov/vuln/detail/CVE-2022-28614 [ 17 ] CVE-2022-28615 https://nvd.nist.gov/vuln/detail/CVE-2022-28615 [ 18 ] CVE-2022-29404 https://nvd.nist.gov/vuln/detail/CVE-2022-29404 [ 19 ] CVE-2022-30522 https://nvd.nist.gov/vuln/detail/CVE-2022-30522 [ 20 ] CVE-2022-30556 https://nvd.nist.gov/vuln/detail/CVE-2022-30556 [ 21 ] CVE-2022-31813 https://nvd.nist.gov/vuln/detail/CVE-2022-31813 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202208-20 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-5090-3 September 28, 2021 apache2 regression ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 21.04 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: USN-5090-1 introduced a regression in Apache HTTP Server. One of the upstream fixes introduced a regression in UDS URIs. This update fixes the problem. Original advisory details: James Kettle discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain crafted methods. A remote attacker could possibly use this issue to perform request splitting or cache poisoning attacks. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. (CVE-2021-34798) Li Zhi Xin discovered that the Apache mod_proxy_uwsgi module incorrectly handled certain request uri-paths. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. If the server was configured with third-party modules, a remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-39275) It was discovered that the Apache mod_proxy module incorrectly handled certain request uri-paths. A remote attacker could possibly use this issue to cause the server to forward requests to arbitrary origin servers. (CVE-2021-40438) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 21.04: apache2 2.4.46-4ubuntu1.3 apache2-bin 2.4.46-4ubuntu1.3 Ubuntu 20.04 LTS: apache2 2.4.41-4ubuntu3.6 apache2-bin 2.4.41-4ubuntu3.6 Ubuntu 18.04 LTS: apache2 2.4.29-1ubuntu4.18 apache2-bin 2.4.29-1ubuntu4.18 In general, a standard system update will make all the necessary changes
var-201609-0597 The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack. TLS (Transport Layer Security) is a set of protocols used to provide confidentiality and data integrity between two communication applications. SSH (full name Secure Shell) is a set of security protocols based on the application layer and transport layer developed by the Network Working Group of the Internet Engineering Task Force (IETF). IPSec (full name Internet Protocol Security) is a set of IP security protocols established by the IPSec group of the Internet Engineering Task Force (IETF). Both DES and Triple DES are encryption algorithms. There are information leakage vulnerabilities in the DES and Triple DES encryption algorithms used in the TLS, SSH, and IPSec protocols and other protocols and products. This vulnerability stems from configuration errors in network systems or products during operation. ========================================================================== Ubuntu Security Notice USN-3194-1 February 09, 2017 openjdk-7 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 LTS Summary: Several security issues were fixed in OpenJDK 7. Software Description: - openjdk-7: Open Source Java implementation Details: Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update moves those algorithms to the legacy algorithm set and causes them to be used only if no non-legacy algorithms can be negotiated. (CVE-2016-2183) It was discovered that OpenJDK accepted ECSDA signatures using non-canonical DER encoding. An attacker could use this to modify or expose sensitive data. (CVE-2016-5546) It was discovered that OpenJDK did not properly verify object identifier (OID) length when reading Distinguished Encoding Rules (DER) records, as used in x.509 certificates and elsewhere. An attacker could use this to cause a denial of service (memory consumption). (CVE-2016-5547) It was discovered that covert timing channel vulnerabilities existed in the DSA implementations in OpenJDK. A remote attacker could use this to expose sensitive information. (CVE-2016-5548) It was discovered that the URLStreamHandler class in OpenJDK did not properly parse user information from a URL. A remote attacker could use this to expose sensitive information. (CVE-2016-5552) It was discovered that the URLClassLoader class in OpenJDK did not properly check access control context when downloading class files. A remote attacker could use this to expose sensitive information. (CVE-2017-3231) It was discovered that the Remote Method Invocation (RMI) implementation in OpenJDK performed deserialization of untrusted inputs. A remote attacker could use this to execute arbitrary code. (CVE-2017-3241) It was discovered that the Java Authentication and Authorization Service (JAAS) component of OpenJDK did not properly perform user search LDAP queries. An attacker could use a specially constructed LDAP entry to expose or modify sensitive information. (CVE-2017-3252) It was discovered that the PNGImageReader class in OpenJDK did not properly handle iTXt and zTXt chunks. An attacker could use this to cause a denial of service (memory consumption). (CVE-2017-3253) It was discovered that integer overflows existed in the SocketInputStream and SocketOutputStream classes of OpenJDK. An attacker could use this to expose sensitive information. (CVE-2017-3261) It was discovered that the atomic field updaters in the java.util.concurrent.atomic package in OpenJDK did not properly restrict access to protected field members. An attacker could use this to specially craft a Java application or applet that could bypass Java sandbox restrictions. (CVE-2017-3272) It was discovered that a vulnerability existed in the class construction implementation in OpenJDK. An attacker could use this to specially craft a Java application or applet that could bypass Java sandbox restrictions. (CVE-2017-3289) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS: icedtea-7-jre-jamvm 7u121-2.6.8-1ubuntu0.14.04.3 openjdk-7-jdk 7u121-2.6.8-1ubuntu0.14.04.3 openjdk-7-jre 7u121-2.6.8-1ubuntu0.14.04.3 openjdk-7-jre-headless 7u121-2.6.8-1ubuntu0.14.04.3 openjdk-7-jre-zero 7u121-2.6.8-1ubuntu0.14.04.3 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any Java applications or applets to make all the necessary changes. References: http://www.ubuntu.com/usn/usn-3194-1 CVE-2016-2183, CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5552, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3261, CVE-2017-3272, CVE-2017-3289 Package Information: https://launchpad.net/ubuntu/+source/openjdk-7/7u121-2.6.8-1ubuntu0.14.04.3 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05349499 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05349499 Version: 1 HPSBHF03674 rev.1 HPE Comware 5 and Comware 7 Network Products using SSL/TLS, Remote Disclosure of Information NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2016-12-06 Last Updated: 2016-12-06 Potential Security Impact: Remote: Disclosure of Information Source: Hewlett Packard Enterprise, Product Security Response Team VULNERABILITY SUMMARY A potential security vulnerability in the DES/3DES block ciphers could potentially impact HPE Comware 5 and Comware 7 network products using SSL/TLS. This vulnerability could be exploited remotely resulting in disclosure of information. References: - CVE-2016-2183 - "SWEET32" attack SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. - Comware 5 (CW5) Products All versions - Please refer to the RESOLUTION below for a list of impacted products. - Comware 7 (CW7) Products All versions - Please refer to the RESOLUTION below for a list of impacted products. BACKGROUND CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector CVE-2016-2183 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) Information on CVSS is documented in HPE Customer Notice HPSN-2008-002 here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499 RESOLUTION HPE has released the following mitigation information to resolve the vulnerability in HPE Comware 5 and Comware 7 network products. *Note:* Please contact HPE Technical Support for assistance configuring the recommended settings. **Mitigation for the DES/3DES vulnerabilities:** HPE recommends using the assl server-policya and/or the assl client-policya command to specify which ciphers to negotiate. + For Comware V7, do not include the following DES/3DES ciphers: - exp_rsa_des_cbc_sha - rsa_3des_ede_cbc_sha - rsa_des_cbc_sha + For Comware V5, do not include the following DES/3DES ciphers: - rsa_3des_ede_cbc_sha - rsa_des_cbc_sha using the assl server-policya and/or the assl client-policya command. Refer to the *Security Command Reference* manual and *Release notes* for the specific version running on the device for details. **COMWARE 5 Products** + **A6600 (Comware 5) - Version: See Mitigation** * HP Network Products - JC165A HP 6600 RPE-X1 Router Module - JC177A HP 6608 Router - JC177B HP 6608 Router Chassis - JC178A HP 6604 Router Chassis - JC178B HP 6604 Router Chassis - JC496A HP 6616 Router Chassis - JC566A HP 6600 RSE-X1 Router Main Processing Unit - JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit - JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit + **HSR6602 (Comware 5) - Version: See Mitigation** * HP Network Products - JC176A HP 6602 Router Chassis - JG353A HP HSR6602-G Router - JG354A HP HSR6602-XG Router - JG355A HP 6600 MCP-X1 Router Main Processing Unit - JG356A HP 6600 MCP-X2 Router Main Processing Unit - JG776A HP HSR6602-G TAA-compliant Router - JG777A HP HSR6602-XG TAA-compliant Router - JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit + **HSR6800 (Comware 5) - Version: See Mitigation** * HP Network Products - JG361A HP HSR6802 Router Chassis - JG361B HP HSR6802 Router Chassis - JG362A HP HSR6804 Router Chassis - JG362B HP HSR6804 Router Chassis - JG363A HP HSR6808 Router Chassis - JG363B HP HSR6808 Router Chassis - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit + **MSR20 (Comware 5) - Version: See Mitigation** * HP Network Products - JD432A HP A-MSR20-21 Router - JD662A HP MSR20-20 Router - JD663A HP A-MSR20-21 Router - JD663B HP MSR20-21 Router - JD664A HP MSR20-40 Router - JF228A HP MSR20-40 Router - JF283A HP MSR20-20 Router + **MSR20-1X (Comware 5) - Version: See Mitigation** * HP Network Products - JD431A HP MSR20-10 Router - JD667A HP MSR20-15 IW Multi-Service Router - JD668A HP MSR20-13 Multi-Service Router - JD669A HP MSR20-13 W Multi-Service Router - JD670A HP MSR20-15 A Multi-Service Router - JD671A HP MSR20-15 AW Multi-Service Router - JD672A HP MSR20-15 I Multi-Service Router - JD673A HP MSR20-11 Multi-Service Router - JD674A HP MSR20-12 Multi-Service Router - JD675A HP MSR20-12 W Multi-Service Router - JD676A HP MSR20-12 T1 Multi-Service Router - JF236A HP MSR20-15-I Router - JF237A HP MSR20-15-A Router - JF238A HP MSR20-15-I-W Router - JF239A HP MSR20-11 Router - JF240A HP MSR20-13 Router - JF241A HP MSR20-12 Router - JF806A HP MSR20-12-T Router - JF807A HP MSR20-12-W Router - JF808A HP MSR20-13-W Router - JF809A HP MSR20-15-A-W Router - JF817A HP MSR20-15 Router - JG209A HP MSR20-12-T-W Router (NA) - JG210A HP MSR20-13-W Router (NA) + **MSR 30 (Comware 5) - Version: See Mitigation** * HP Network Products - JD654A HP MSR30-60 POE Multi-Service Router - JD657A HP MSR30-40 Multi-Service Router - JD658A HP MSR30-60 Multi-Service Router - JD660A HP MSR30-20 POE Multi-Service Router - JD661A HP MSR30-40 POE Multi-Service Router - JD666A HP MSR30-20 Multi-Service Router - JF229A HP MSR30-40 Router - JF230A HP MSR30-60 Router - JF232A HP RTMSR3040-AC-OVSAS-H3 - JF235A HP MSR30-20 DC Router - JF284A HP MSR30-20 Router - JF287A HP MSR30-40 DC Router - JF801A HP MSR30-60 DC Router - JF802A HP MSR30-20 PoE Router - JF803A HP MSR30-40 PoE Router - JF804A HP MSR30-60 PoE Router - JG728A HP MSR30-20 TAA-compliant DC Router - JG729A HP MSR30-20 TAA-compliant Router + **MSR 30-16 (Comware 5) - Version: See Mitigation** * HP Network Products - JD659A HP MSR30-16 POE Multi-Service Router - JD665A HP MSR30-16 Multi-Service Router - JF233A HP MSR30-16 Router - JF234A HP MSR30-16 PoE Router + **MSR 30-1X (Comware 5) - Version: See Mitigation** * HP Network Products - JF800A HP MSR30-11 Router - JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr - JG182A HP MSR30-11E Router - JG183A HP MSR30-11F Router - JG184A HP MSR30-10 DC Router + **MSR 50 (Comware 5) - Version: See Mitigation** * HP Network Products - JD433A HP MSR50-40 Router - JD653A HP MSR50 Processor Module - JD655A HP MSR50-40 Multi-Service Router - JD656A HP MSR50-60 Multi-Service Router - JF231A HP MSR50-60 Router - JF285A HP MSR50-40 DC Router - JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply + **MSR 50-G2 (Comware 5) - Version: See Mitigation** * HP Network Products - JD429A HP MSR50 G2 Processor Module - JD429B HP MSR50 G2 Processor Module + **MSR 9XX (Comware 5) - Version: See Mitigation** * HP Network Products - JF812A HP MSR900 Router - JF813A HP MSR920 Router - JF814A HP MSR900-W Router - JF815A HP MSR920 2FEWAN/8FELAN/.11 b/g Rtr - JG207A HP MSR900-W Router (NA) - JG208A HP MSR920-W Router (NA) + **MSR 93X (Comware 5) - Version: See Mitigation** * HP Network Products - JG511A HP MSR930 Router - JG511B HP MSR930 Router - JG512A HP MSR930 Wireless Router - JG513A HP MSR930 3G Router - JG513B HP MSR930 3G Router - JG514A HP MSR931 Router - JG514B HP MSR931 Router - JG515A HP MSR931 3G Router - JG516A HP MSR933 Router - JG517A HP MSR933 3G Router - JG518A HP MSR935 Router - JG518B HP MSR935 Router - JG519A HP MSR935 Wireless Router - JG520A HP MSR935 3G Router - JG531A HP MSR931 Dual 3G Router - JG531B HP MSR931 Dual 3G Router - JG596A HP MSR930 4G LTE/3G CDMA Router - JG597A HP MSR936 Wireless Router - JG665A HP MSR930 4G LTE/3G WCDMA Global Router - JG704A HP MSR930 4G LTE/3G WCDMA ATT Router - JH009A HP MSR931 Serial (TI) Router - JH010A HP MSR933 G.SHDSL (TI) Router - JH011A HP MSR935 ADSL2+ (TI) Router - JH012A HP MSR930 Wireless 802.11n (NA) Router - JH012B HP MSR930 Wireless 802.11n (NA) Router - JH013A HP MSR935 Wireless 802.11n (NA) Router + **MSR1000 (Comware 5) - Version: See Mitigation** * HP Network Products - JG732A HP MSR1003-8 AC Router + **12500 (Comware 5) - Version: See Mitigation** * HP Network Products - JC072B HP 12500 Main Processing Unit - JC085A HP A12518 Switch Chassis - JC086A HP A12508 Switch Chassis - JC652A HP 12508 DC Switch Chassis - JC653A HP 12518 DC Switch Chassis - JC654A HP 12504 AC Switch Chassis - JC655A HP 12504 DC Switch Chassis - JC808A HP 12500 TAA Main Processing Unit - JF430A HP A12518 Switch Chassis - JF430B HP 12518 Switch Chassis - JF430C HP 12518 AC Switch Chassis - JF431A HP A12508 Switch Chassis - JF431B HP 12508 Switch Chassis - JF431C HP 12508 AC Switch Chassis + **9500E (Comware 5) - Version: See Mitigation** * HP Network Products - JC124A HP A9508 Switch Chassis - JC124B HP 9505 Switch Chassis - JC125A HP A9512 Switch Chassis - JC125B HP 9512 Switch Chassis - JC474A HP A9508-V Switch Chassis - JC474B HP 9508-V Switch Chassis + **10500 (Comware 5) - Version: See Mitigation** * HP Network Products - JC611A HP 10508-V Switch Chassis - JC612A HP 10508 Switch Chassis - JC613A HP 10504 Switch Chassis - JC614A HP 10500 Main Processing Unit - JC748A HP 10512 Switch Chassis - JG375A HP 10500 TAA-compliant Main Processing Unit - JG820A HP 10504 TAA-compliant Switch Chassis - JG821A HP 10508 TAA-compliant Switch Chassis - JG822A HP 10508-V TAA-compliant Switch Chassis - JG823A HP 10512 TAA-compliant Switch Chassis + **7500 (Comware 5) - Version: See Mitigation** * HP Network Products - JC666A HP 7503-S 144Gbps Fabric/MPU with PoE Upgradable 20-port Gig-T/4-port GbE Combo - JC697A HP 7502 TAA-compliant Main Processing Unit - JC698A HP 7503-S 144Gbps TAA Fabric / MPU with 16 GbE SFP Ports and 8 GbE Combo Ports - JC699A HP 7500 384Gbps TAA-compliant Fabric / MPU with 2 10GbE XFP Ports - JC700A HP 7500 384Gbps TAA-compliant Fabric / Main Processing Unit - JC701A HP 7500 768Gbps TAA-compliant Fabric / Main Processing Unit - JD193A HP 7500 384Gbps Fabric Module with 2 XFP Ports - JD193B HP 7500 384Gbps Fabric Module with 2 XFP Ports - JD194A HP 7500 384Gbps Fabric Module - JD194B HP 7500 384Gbps Fabric Module - JD195A HP 7500 384Gbps Advanced Fabric Module - JD196A HP 7502 Fabric Module - JD220A HP 7500 768Gbps Fabric Module - JD224A HP 7500 384Gbps Fabric Module with 12 SFP Ports - JD238A HP 7510 Switch Chassis - JD238B HP 7510 Switch Chassis - JD239A HP 7506 Switch Chassis - JD239B HP 7506 Switch Chassis - JD240A HP 7503 Switch Chassis - JD240B HP 7503 Switch Chassis - JD241A HP 7506-V Switch Chassis - JD241B HP 7506-V Switch Chassis - JD242A HP 7502 Switch Chassis - JD242B HP 7502 Switch Chassis - JD243A HP 7503-S Switch Chassis with 1 Fabric Slot - JD243B HP 7503-S Switch Chassis with 1 Fabric Slot - JE164A HP E7902 Switch Chassis - JE165A HP E7903 Switch Chassis - JE166A HP E7903 1 Fabric Slot Switch Chassis - JE167A HP E7906 Switch Chassis - JE168A HP E7906 Vertical Switch Chassis - JE169A HP E7910 Switch Chassis + **6125G/XG Blade Switch - Version: See Mitigation** * HP Network Products - 737220-B21 HP 6125G Blade Switch with TAA - 737226-B21 HP 6125G/XG Blade Switch with TAA - 658250-B21 HP 6125G/XG Blade Switch Opt Kit - 658247-B21 HP 6125G Blade Switch Opt Kit + **5830 (Comware 5) - Version: See Mitigation** * HP Network Products - JC691A HP 5830AF-48G Switch with 1 Interface Slot - JC694A HP 5830AF-96G Switch - JG316A HP 5830AF-48G TAA-compliant Switch w/1 Interface Slot - JG374A HP 5830AF-96G TAA-compliant Switch + **5800 (Comware 5) - Version: See Mitigation** * HP Network Products - JC099A HP 5800-24G-PoE Switch - JC099B HP 5800-24G-PoE+ Switch - JC100A HP 5800-24G Switch - JC100B HP 5800-24G Switch - JC101A HP 5800-48G Switch with 2 Slots - JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots - JC103A HP 5800-24G-SFP Switch - JC103B HP 5800-24G-SFP Switch with 1 Interface Slot - JC104A HP 5800-48G-PoE Switch - JC104B HP 5800-48G-PoE+ Switch with 1 Interface Slot - JC105A HP 5800-48G Switch - JC105B HP 5800-48G Switch with 1 Interface Slot - JG254A HP 5800-24G-PoE+ TAA-compliant Switch - JG254B HP 5800-24G-PoE+ TAA-compliant Switch - JG255A HP 5800-24G TAA-compliant Switch - JG255B HP 5800-24G TAA-compliant Switch - JG256A HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot - JG256B HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot - JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot - JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot - JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot - JG258B HP 5800-48G TAA-compliant Switch with 1 Interface Slot - JG225A HP 5800AF-48G Switch - JG225B HP 5800AF-48G Switch - JG242A HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface Slots - JG242B HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface - JG243A HP 5820-24XG-SFP+ TAA-compliant Switch - JG243B HP 5820-24XG-SFP+ TAA-compliant Switch - JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots & 1 OAA Slot - JG259B HP 5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots and 1 OAA Slot - JC106A HP 5820-14XG-SFP+ Switch with 2 Slots - JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots & 1 OAA Slot - JG219A HP 5820AF-24XG Switch - JG219B HP 5820AF-24XG Switch - JC102A HP 5820-24XG-SFP+ Switch - JC102B HP 5820-24XG-SFP+ Switch + **5500 HI (Comware 5) - Version: See Mitigation** * HP Network Products - JG311A HP 5500-24G-4SFP HI Switch with 2 Interface Slots - JG312A HP 5500-48G-4SFP HI Switch with 2 Interface Slots - JG541A HP 5500-24G-PoE+-4SFP HI Switch with 2 Interface Slots - JG542A HP 5500-48G-PoE+-4SFP HI Switch with 2 Interface Slots - JG543A HP 5500-24G-SFP HI Switch with 2 Interface Slots - JG679A HP 5500-24G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots - JG680A HP 5500-48G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots - JG681A HP 5500-24G-SFP HI TAA-compliant Switch with 2 Interface Slots + **5500 EI (Comware 5) - Version: See Mitigation** * HP Network Products - JD373A HP 5500-24G DC EI Switch - JD374A HP 5500-24G-SFP EI Switch - JD375A HP 5500-48G EI Switch - JD376A HP 5500-48G-PoE EI Switch - JD377A HP 5500-24G EI Switch - JD378A HP 5500-24G-PoE EI Switch - JD379A HP 5500-24G-SFP DC EI Switch - JG240A HP 5500-48G-PoE+ EI Switch with 2 Interface Slots - JG241A HP 5500-24G-PoE+ EI Switch with 2 Interface Slots - JG249A HP 5500-24G-SFP EI TAA-compliant Switch with 2 Interface - JG250A HP 5500-24G EI TAA-compliant Switch with 2 Interface Slots - JG251A HP 5500-48G EI TAA-compliant Switch with 2 Interface Slots - JG252A HP 5500-24G-PoE+ EI TAA-compliant Switch with 2 Interface Slots - JG253A HP 5500-48G-PoE+ EI TAA-compliant Switch with 2 Interface Slots + **4800G (Comware 5) - Version: See Mitigation** * HP Network Products - JD007A HP 4800-24G Switch - JD008A HP 4800-24G-PoE Switch - JD009A HP 4800-24G-SFP Switch - JD010A HP 4800-48G Switch - JD011A HP 4800-48G-PoE Switch + **5500SI (Comware 5) - Version: See Mitigation** * HP Network Products - JD369A HP 5500-24G SI Switch - JD370A HP 5500-48G SI Switch - JD371A HP 5500-24G-PoE SI Switch - JD372A HP 5500-48G-PoE SI Switch - JG238A HP 5500-24G-PoE+ SI Switch with 2 Interface Slots - JG239A HP 5500-48G-PoE+ SI Switch with 2 Interface Slots + **4500G (Comware 5) - Version: See Mitigation** * HP Network Products - JF428A HP 4510-48G Switch - JF847A HP 4510-24G Switch + **5120 EI (Comware 5) - Version: See Mitigation** * HP Network Products - JE066A HP 5120-24G EI Switch - JE067A HP 5120-48G EI Switch - JE068A HP 5120-24G EI Switch with 2 Interface Slots - JE069A HP 5120-48G EI Switch with 2 Interface Slots - JE070A HP 5120-24G-PoE EI 2-slot Switch - JE071A HP 5120-48G-PoE EI 2-slot Switch - JG236A HP 5120-24G-PoE+ EI Switch with 2 Interface Slots - JG237A HP 5120-48G-PoE+ EI Switch with 2 Interface Slots - JG245A HP 5120-24G EI TAA-compliant Switch with 2 Interface Slots - JG246A HP 5120-48G EI TAA-compliant Switch with 2 Interface Slots - JG247A HP 5120-24G-PoE+ EI TAA-compliant Switch with 2 Slots - JG248A HP 5120-48G-PoE+ EI TAA-compliant Switch with 2 Slots + **4210G (Comware 5) - Version: See Mitigation** * HP Network Products - JF844A HP 4210-24G Switch - JF845A HP 4210-48G Switch - JF846A HP 4210-24G-PoE Switch + **5120 SI (Comware 5) - Version: See Mitigation** * HP Network Products - JE072A HP 5120-48G SI Switch - JE072B HPE 5120 48G SI Switch - JE073A HP 5120-16G SI Switch - JE073B HPE 5120 16G SI Switch - JE074A HP 5120-24G SI Switch - JE074B HPE 5120 24G SI Switch - JG091A HP 5120-24G-PoE+ (370W) SI Switch - JG091B HPE 5120 24G PoE+ (370W) SI Switch - JG092A HP 5120-24G-PoE+ (170W) SI Switch - JG309B HPE 5120 8G PoE+ (180W) SI Switch - JG310B HPE 5120 8G PoE+ (65W) SI Switch + **3610 (Comware 5) - Version: See Mitigation** * HP Network Products - JD335A HP 3610-48 Switch - JD336A HP 3610-24-4G-SFP Switch - JD337A HP 3610-24-2G-2G-SFP Switch - JD338A HP 3610-24-SFP Switch + **3600V2 (Comware 5) - Version: See Mitigation** * HP Network Products - JG299A HP 3600-24 v2 EI Switch - JG299B HP 3600-24 v2 EI Switch - JG300A HP 3600-48 v2 EI Switch - JG300B HP 3600-48 v2 EI Switch - JG301A HP 3600-24-PoE+ v2 EI Switch - JG301B HP 3600-24-PoE+ v2 EI Switch - JG301C HP 3600-24-PoE+ v2 EI Switch - JG302A HP 3600-48-PoE+ v2 EI Switch - JG302B HP 3600-48-PoE+ v2 EI Switch - JG302C HP 3600-48-PoE+ v2 EI Switch - JG303A HP 3600-24-SFP v2 EI Switch - JG303B HP 3600-24-SFP v2 EI Switch - JG304A HP 3600-24 v2 SI Switch - JG304B HP 3600-24 v2 SI Switch - JG305A HP 3600-48 v2 SI Switch - JG305B HP 3600-48 v2 SI Switch - JG306A HP 3600-24-PoE+ v2 SI Switch - JG306B HP 3600-24-PoE+ v2 SI Switch - JG306C HP 3600-24-PoE+ v2 SI Switch - JG307A HP 3600-48-PoE+ v2 SI Switch - JG307B HP 3600-48-PoE+ v2 SI Switch - JG307C HP 3600-48-PoE+ v2 SI Switch + **3100V2-48 (Comware 5) - Version: See Mitigation** * HP Network Products - JG315A HP 3100-48 v2 Switch - JG315B HP 3100-48 v2 Switch + **HP870 (Comware 5) - Version: See Mitigation** * HP Network Products - JG723A HP 870 Unified Wired-WLAN Appliance - JG725A HP 870 Unified Wired-WLAN TAA-compliant Appliance + **HP850 (Comware 5) - Version: See Mitigation** * HP Network Products - JG722A HP 850 Unified Wired-WLAN Appliance - JG724A HP 850 Unified Wired-WLAN TAA-compliant Appliance + **HP830 (Comware 5) - Version: See Mitigation** * HP Network Products - JG640A HP 830 24-Port PoE+ Unified Wired-WLAN Switch - JG641A HP 830 8-port PoE+ Unified Wired-WLAN Switch - JG646A HP 830 24-Port PoE+ Unified Wired-WLAN TAA-compliant Switch - JG647A HP 830 8-Port PoE+ Unified Wired-WLAN TAA-compliant + **HP6000 (Comware 5) - Version: See Mitigation** * HP Network Products - JG639A HP 10500/7500 20G Unified Wired-WLAN Module - JG645A HP 10500/7500 20G Unified Wired-WLAN TAA-compliant Module + **WX5004-EI (Comware 5) - Version: See Mitigation** * HP Network Products - JD447B HP WX5002 Access Controller - JD448A HP WX5004 Access Controller - JD448B HP WX5004 Access Controller - JD469A HP WX5004 Access Controller + **SecBlade FW (Comware 5) - Version: See Mitigation** * HP Network Products - JC635A HP 12500 VPN Firewall Module - JD245A HP 9500 VPN Firewall Module - JD249A HP 10500/7500 Advanced VPN Firewall Module - JD250A HP 6600 Firewall Processing Router Module - JD251A HP 8800 Firewall Processing Module - JD255A HP 5820 VPN Firewall Module + **F1000-E (Comware 5) - Version: See Mitigation** * HP Network Products - JD272A HP F1000-E VPN Firewall Appliance + **F1000-A-EI (Comware 5) - Version: See Mitigation** * HP Network Products - JG214A HP F1000-A-EI VPN Firewall Appliance + **F1000-S-EI (Comware 5) - Version: See Mitigation** * HP Network Products - JG213A HP F1000-S-EI VPN Firewall Appliance + **F5000-A (Comware 5) - Version: See Mitigation** * HP Network Products - JD259A HP A5000-A5 VPN Firewall Chassis - JG215A HP F5000 Firewall Main Processing Unit - JG216A HP F5000 Firewall Standalone Chassis + **U200S and CS (Comware 5) - Version: See Mitigation** * HP Network Products - JD273A HP U200-S UTM Appliance + **U200A and M (Comware 5) - Version: See Mitigation** * HP Network Products - JD275A HP U200-A UTM Appliance + **F5000-C/S (Comware 5) - Version: See Mitigation** * HP Network Products - JG650A HP F5000-C VPN Firewall Appliance - JG370A HP F5000-S VPN Firewall Appliance + **SecBlade III (Comware 5) - Version: See Mitigation** * HP Network Products - JG371A HP 12500 20Gbps VPN Firewall Module - JG372A HP 10500/11900/7500 20Gbps VPN Firewall Module + **6600 RSE RU (Comware 5 Low Encryption SW) - Version: See Mitigation** * HP Network Products - JC177A HP 6608 Router - JC177B HP 6608 Router Chassis - JC178A HP 6604 Router Chassis - JC178B HP 6604 Router Chassis - JC496A HP 6616 Router Chassis - JC566A HP 6600 RSE-X1 Router Main Processing Unit - JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit + **6600 RPE RU (Comware 5 Low Encryption SW) - Version: See Mitigation** * HP Network Products - JC165A) HP 6600 RPE-X1 Router Module - JG781A) HP 6600 RPE-X1 TAA-compliant Main Processing Unit + **6602 RU (Comware 5 Low Encryption SW) - Version: See Mitigation** * HP Network Products - JC176A) HP 6602 Router Chassis + **HSR6602 RU (Comware 5 Low Encryption SW) - Version: See Mitigation** * HP Network Products - JC177A HP 6608 Router - JC177B HP 6608 Router Chassis - JC178A HP 6604 Router Chassis - JC178B HP 6604 Router Chassis - JC496A HP 6616 Router Chassis - JG353A HP HSR6602-G Router - JG354A HP HSR6602-XG Router - JG355A HP 6600 MCP-X1 Router Main Processing Unit - JG356A HP 6600 MCP-X2 Router Main Processing Unit - JG776A HP HSR6602-G TAA-compliant Router - JG777A HP HSR6602-XG TAA-compliant Router - JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit + **HSR6800 RU (Comware 5 Low Encryption SW) - Version: See Mitigation** * HP Network Products - JG361A HP HSR6802 Router Chassis - JG361B HP HSR6802 Router Chassis - JG362A HP HSR6804 Router Chassis - JG362B HP HSR6804 Router Chassis - JG363A HP HSR6808 Router Chassis - JG363B HP HSR6808 Router Chassis - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit + **SMB1910 (Comware 5) - Version: See Mitigation** * HP Network Products - JG540A HP 1910-48 Switch - JG539A HP 1910-24-PoE+ Switch - JG538A HP 1910-24 Switch - JG537A HP 1910-8 -PoE+ Switch - JG536A HP 1910-8 Switch + **SMB1920 (Comware 5) - Version: See Mitigation** * HP Network Products - JG928A HP 1920-48G-PoE+ (370W) Switch - JG927A HP 1920-48G Switch - JG926A HP 1920-24G-PoE+ (370W) Switch - JG925A HP 1920-24G-PoE+ (180W) Switch - JG924A HP 1920-24G Switch - JG923A HP 1920-16G Switch - JG922A HP 1920-8G-PoE+ (180W) Switch - JG921A HP 1920-8G-PoE+ (65W) Switch - JG920A HP 1920-8G Switch + **V1910 (Comware 5) - Version: See Mitigation** * HP Network Products - JE005A HP 1910-16G Switch - JE006A HP 1910-24G Switch - JE007A HP 1910-24G-PoE (365W) Switch - JE008A HP 1910-24G-PoE(170W) Switch - JE009A HP 1910-48G Switch - JG348A HP 1910-8G Switch - JG349A HP 1910-8G-PoE+ (65W) Switch - JG350A HP 1910-8G-PoE+ (180W) Switch + **SMB 1620 (Comware 5) - Version: See Mitigation** * HP Network Products - JG914A HP 1620-48G Switch - JG913A HP 1620-24G Switch - JG912A HP 1620-8G Switch **COMWARE 7 Products** + **12500 (Comware 7) - Version: See Mitigation** * HP Network Products - JC072B HP 12500 Main Processing Unit - JC085A HP A12518 Switch Chassis - JC086A HP A12508 Switch Chassis - JC652A HP 12508 DC Switch Chassis - JC653A HP 12518 DC Switch Chassis - JC654A HP 12504 AC Switch Chassis - JC655A HP 12504 DC Switch Chassis - JF430A HP A12518 Switch Chassis - JF430B HP 12518 Switch Chassis - JF430C HP 12518 AC Switch Chassis - JF431A HP A12508 Switch Chassis - JF431B HP 12508 Switch Chassis - JF431C HP 12508 AC Switch Chassis - JG497A HP 12500 MPU w/Comware V7 OS - JG782A HP FF 12508E AC Switch Chassis - JG783A HP FF 12508E DC Switch Chassis - JG784A HP FF 12518E AC Switch Chassis - JG785A HP FF 12518E DC Switch Chassis - JG802A HP FF 12500E MPU + **10500 (Comware 7) - Version: See Mitigation** * HP Network Products - JC611A HP 10508-V Switch Chassis - JC612A HP 10508 Switch Chassis - JC613A HP 10504 Switch Chassis - JC748A HP 10512 Switch Chassis - JG608A HP FlexFabric 11908-V Switch Chassis - JG609A HP FlexFabric 11900 Main Processing Unit - JG820A HP 10504 TAA Switch Chassis - JG821A HP 10508 TAA Switch Chassis - JG822A HP 10508-V TAA Switch Chassis - JG823A HP 10512 TAA Switch Chassis - JG496A HP 10500 Type A MPU w/Comware v7 OS - JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating System - JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System Main Processing Unit + **12900 (Comware 7) - Version: See Mitigation** * HP Network Products - JG619A HP FlexFabric 12910 Switch AC Chassis - JG621A HP FlexFabric 12910 Main Processing Unit - JG632A HP FlexFabric 12916 Switch AC Chassis - JG634A HP FlexFabric 12916 Main Processing Unit - JH104A HP FlexFabric 12900E Main Processing Unit - JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit - JH263A HP FlexFabric 12904E Main Processing Unit - JH255A HP FlexFabric 12908E Switch Chassis - JH262A HP FlexFabric 12904E Switch Chassis - JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis - JH103A HP FlexFabric 12916E Switch Chassis + **5900 (Comware 7) - Version: See Mitigation** * HP Network Products - JC772A HP 5900AF-48XG-4QSFP+ Switch - JG296A HP 5920AF-24XG Switch - JG336A HP 5900AF-48XGT-4QSFP+ Switch - JG510A HP 5900AF-48G-4XG-2QSFP+ Switch - JG554A HP 5900AF-48XG-4QSFP+ TAA Switch - JG555A HP 5920AF-24XG TAA Switch - JG838A HP FF 5900CP-48XG-4QSFP+ Switch - JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant - JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch - JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant + **MSR1000 (Comware 7) - Version: See Mitigation** * HP Network Products - JG875A HP MSR1002-4 AC Router - JH060A HP MSR1003-8S AC Router + **MSR2000 (Comware 7) - Version: See Mitigation** * HP Network Products - JG411A HP MSR2003 AC Router - JG734A HP MSR2004-24 AC Router - JG735A HP MSR2004-48 Router - JG866A HP MSR2003 TAA-compliant AC Router + **MSR3000 (Comware 7) - Version: See Mitigation** * HP Network Products - JG404A HP MSR3064 Router - JG405A HP MSR3044 Router - JG406A HP MSR3024 AC Router - JG407A HP MSR3024 DC Router - JG408A HP MSR3024 PoE Router - JG409A HP MSR3012 AC Router - JG410A HP MSR3012 DC Router - JG861A HP MSR3024 TAA-compliant AC Router + **MSR4000 (Comware 7) - Version: See Mitigation** * HP Network Products - JG402A HP MSR4080 Router Chassis - JG403A HP MSR4060 Router Chassis - JG412A HP MSR4000 MPU-100 Main Processing Unit - JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit + **VSR (Comware 7) - Version: See Mitigation** * HP Network Products - JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software - JG811AAE HP VSR1001 Comware 7 Virtual Services Router - JG812AAE HP VSR1004 Comware 7 Virtual Services Router - JG813AAE HP VSR1008 Comware 7 Virtual Services Router + **7900 (Comware 7) - Version: See Mitigation** * HP Network Products - JG682A HP FlexFabric 7904 Switch Chassis - JG841A HP FlexFabric 7910 Switch Chassis - JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit - JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit - JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis - JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis - JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main Processing Unit - JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main Processing Unit + **5130 (Comware 7) - Version: See Mitigation** * HP Network Products - JG932A HP 5130-24G-4SFP+ EI Switch - JG933A HP 5130-24G-SFP-4SFP+ EI Switch - JG934A HP 5130-48G-4SFP+ EI Switch - JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch - JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch - JG938A HP 5130-24G-2SFP+-2XGT EI Switch - JG939A HP 5130-48G-2SFP+-2XGT EI Switch - JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch - JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch - JG975A HP 5130-24G-4SFP+ EI Brazil Switch - JG976A HP 5130-48G-4SFP+ EI Brazil Switch - JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch - JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch + **6125XLG - Version: See Mitigation** * HP Network Products - 711307-B21 HP 6125XLG Blade Switch - 737230-B21 HP 6125XLG Blade Switch with TAA + **6127XLG - Version: See Mitigation** * HP Network Products - 787635-B21 HP 6127XLG Blade Switch Opt Kit - 787635-B22 HP 6127XLG Blade Switch TAA + **Moonshot - Version: See Mitigation** * HP Network Products - 786617-B21 - HP Moonshot-45Gc Switch Module - 704654-B21 - HP Moonshot-45XGc Switch Module - 786619-B21 - HP Moonshot-180XGc Switch Module + **5700 (Comware 7) - Version: See Mitigation** * HP Network Products - JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch - JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch - JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch - JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch - JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch - JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch + **5930 (Comware 7) - Version: See Mitigation** * HP Network Products - JG726A HP FlexFabric 5930 32QSFP+ Switch - JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch - JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch - JH179A HP FlexFabric 5930 4-slot Switch - JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch - JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch + **HSR6600 (Comware 7) - Version: See Mitigation** * HP Network Products - JG353A HP HSR6602-G Router - JG354A HP HSR6602-XG Router - JG776A HP HSR6602-G TAA-compliant Router - JG777A HP HSR6602-XG TAA-compliant Router + **HSR6800 (Comware 7) - Version: See Mitigation** * HP Network Products - JG361A HP HSR6802 Router Chassis - JG361B HP HSR6802 Router Chassis - JG362A HP HSR6804 Router Chassis - JG362B HP HSR6804 Router Chassis - JG363A HP HSR6808 Router Chassis - JG363B HP HSR6808 Router Chassis - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing - JH075A HP HSR6800 RSE-X3 Router Main Processing Unit + **1950 (Comware 7) - Version: See Mitigation** * HP Network Products - JG960A HP 1950-24G-4XG Switch - JG961A HP 1950-48G-2SFP+-2XGT Switch - JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch - JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch + **7500 (Comware 7) - Version: See Mitigation** * HP Network Products - JD238C HP 7510 Switch Chassis - JD239C HP 7506 Switch Chassis - JD240C HP 7503 Switch Chassis - JD242C HP 7502 Switch Chassis - JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only Main Processing Unit - JH208A HP 7502 Main Processing Unit - JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port 40GbE QSFP+ Main Processing Unit + **5950 (Comware 7) - Version: See Mitigation** * HP Network Products - JH321A HPE FlexFabric 5950 32QSFP28 Switch + **5940 (Comware 7) - Version: See Mitigation** * HP Network Products - JH390A HPE FlexFabric 5940 48SFP+ 6QSFP28 Switch - JH391A HPE FlexFabric 5940 48XGT 6QSFP28 Switch - JH394A HPE FlexFabric 5940 48XGT 6QSFP+ Switch - JH395A HPE FlexFabric 5940 48SFP+ 6QSFP+ Switch - JH396A HPE FlexFabric 5940 32QSFP+ Switch - JH397A HPE FlexFabric 5940 2-slot Switch - JH398A HPE FlexFabric 5940 4-slot Switch HISTORY Version:1 (rev.1) - 6 December 2016 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com. Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX Copyright 2016 Hewlett Packard Enterprise Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBCAAGBQJYRvrIAAoJELXhAxt7SZaib6cH/RWuqSEJ2q9shv9KJOpcIyIr j1iw1pxmZVMrv6TCQNhrBovjYgifRddVK25YyqDRP7pmbjiME1SzqqQBROZ/ikRU QXiu/z9XULfNdgwf1VAcDi6AIDEW7ZpqduqhRrDZQnWlXJ2yR4Fs1ISG6N15q7Xc EsP575GH1RP4XWpGHQK/BKwiY7zyT+/dNAL3cH4DSFVhml0Ke2bbVSvzd+r3SHPD u8KzGHUuBkz4k0KOhLuudGk43rMpuDh3J9gz3sHYh8nptfu4KweY85EzjTMP4TbU Yx1CmUnqAd+o4RRsX41bqZ65DTuPmwhuZhXQVBM76WMR3W3s586Ib8lq1sLUoyA= =35PT -----END PGP SIGNATURE----- . This update causes NSS to limit use of the same symmetric key. (CVE-2016-2183) It was discovered that NSS incorrectly handled Base64 decoding. (CVE-2017-5461) This update refreshes the NSS package to version 3.28.4 which includes the latest CA certificate bundle. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201707-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: IcedTea: Multiple vulnerabilities Date: July 05, 2017 Bugs: #607676, #609562, #618874, #619458 ID: 201707-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in IcedTea, the worst of which may allow execution of arbitrary code. Background ========== IcedTea's aim is to provide OpenJDK in a form suitable for easy configuration, compilation and distribution with the primary goal of allowing inclusion in GNU/Linux distributions. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-java/icedtea-bin < 3.4.0 >= 3.4.0 < 7.2.6.10 >= 7.2.6.10 Description =========== Multiple vulnerabilities have been discovered in IcedTea. Please review the CVE identifiers referenced below for details. Note: If the web browser plug-in provided by the dev-java/icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. Workaround ========== There is no known workaround at this time. Resolution ========== All IcedTea binary 7.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=dev-java/icedtea-bin-7.2.6.10:7" All IcedTea binary 3.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/icedtea-bin-3.4.0:8" References ========== [ 1 ] CVE-2016-2183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2183 [ 2 ] CVE-2016-5546 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5546 [ 3 ] CVE-2016-5547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5547 [ 4 ] CVE-2016-5548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5548 [ 5 ] CVE-2016-5549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5549 [ 6 ] CVE-2016-5552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5552 [ 7 ] CVE-2017-3231 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3231 [ 8 ] CVE-2017-3241 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3241 [ 9 ] CVE-2017-3252 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3252 [ 10 ] CVE-2017-3253 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3253 [ 11 ] CVE-2017-3260 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3260 [ 12 ] CVE-2017-3261 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3261 [ 13 ] CVE-2017-3272 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3272 [ 14 ] CVE-2017-3289 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3289 [ 15 ] CVE-2017-3509 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3509 [ 16 ] CVE-2017-3511 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3511 [ 17 ] CVE-2017-3512 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3512 [ 18 ] CVE-2017-3514 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3514 [ 19 ] CVE-2017-3526 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3526 [ 20 ] CVE-2017-3533 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3533 [ 21 ] CVE-2017-3539 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3539 [ 22 ] CVE-2017-3544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3544 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201707-01 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 --eW2Ih3ajF3BNoJIAD1VrIt2me1kNx637S-- . This is also known as the SWEET32 attack. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS), Unauthorized Read Access to Data and other impacts including: * Padding Oracle attack in Apache mod_session_crypto * Apache HTTP Request Parsing Whitespace Defects References: - CVE-2016-8740 - Apache http server, Denial of Service (DoS) - CVE-2016-2161 - Apache http server, Denial of Service (DoS) - CVE-2016-0736 - Apache http server, disclosure of information, padding oracle attack - CVE-2016-8743 - Apache http server, request corruption, request parsing white space - CVE-2016-2183 - OpenSSL, disclosure of information, SWEET32 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. Apache 2.4.18.02 for HP-UX Release B.11.31 (PA and IA): * 32 bit Depot: HP-UX 11.31(HPUXWS24ATW-B503-11-31-64.depot) * 64 bit Depot: HP-UX 11.31(HPUXWS24ATW-B503-11-31-32.depot) **Note:** The depot files can be found here: <https://h20392.www2.hpe.com/portal/swdepot/displayProductInfo.do?productNumb r=HPUXWSATW503> MANUAL ACTIONS: Yes - Update Download and install the software update PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HPE and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: <https://h20392.www2.hpe.com/portal/swdepot/displayProductInfo.do?productNumb r=B6834AA> AFFECTED VERSIONS HP-UX B.11.31 IA/PA =================== hpuxws24APACHE.APACHE hpuxws24APACHE.APACHE2 hpuxws24APACHE.AUTH_LDAP hpuxws24APACHE.AUTH_LDAP2 hpuxws24APACHE.MOD_JK hpuxws24APACHE.MOD_JK2 hpuxws24APACHE.MOD_PERL hpuxws24APACHE.MOD_PERL2 hpuxws24APACHE.WEBPROXY hpuxws24APACHE.WEBPROXY2 action: install B.2.4.18.02 or subsequent END AFFECTED VERSIONS HISTORY Version:1 (rev.1) - 29 March 2017 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy
var-201011-0178 The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference. Xpdf is prone to a vulnerability due to an array-indexing error. An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious PDF file with an affected application. Successful exploits will result in the execution of arbitrary attacker-supplied code in the context of the user running the affected application. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3702 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3703 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3704 _______________________________________________________________________ Updated Packages: Mandriva Linux 2010.0: f8eeb85b978e98a9bfffce7ab584e9df 2010.0/i586/libpoppler5-0.12.4-1.2mdv2010.0.i586.rpm 11b9dfe9e37261bec174c25aae9d71b4 2010.0/i586/libpoppler-devel-0.12.4-1.2mdv2010.0.i586.rpm b9af206162c906094204ed13a4620318 2010.0/i586/libpoppler-glib4-0.12.4-1.2mdv2010.0.i586.rpm eea6fc72a55f119c2fe7aef2c37400f6 2010.0/i586/libpoppler-glib-devel-0.12.4-1.2mdv2010.0.i586.rpm d83f8f81d2cbb11a3a12e0654d63cd11 2010.0/i586/libpoppler-qt2-0.12.4-1.2mdv2010.0.i586.rpm 8e1f7d0278a299b55e1b213f90462610 2010.0/i586/libpoppler-qt4-3-0.12.4-1.2mdv2010.0.i586.rpm 6f1505518bb6a42bd017f4ed00ed5f3f 2010.0/i586/libpoppler-qt4-devel-0.12.4-1.2mdv2010.0.i586.rpm 6bfceb4bbb5565f829c765e15d9f84f8 2010.0/i586/libpoppler-qt-devel-0.12.4-1.2mdv2010.0.i586.rpm 69b87e12827e20261bcac5c1a9f6cc47 2010.0/i586/poppler-0.12.4-1.2mdv2010.0.i586.rpm b395b580e189eac53cec4cdce2ceaeeb 2010.0/SRPMS/poppler-0.12.4-1.2mdv2010.0.src.rpm Mandriva Linux 2010.0/X86_64: 5ac922ba77b7e24852b032cb96d66dcc 2010.0/x86_64/lib64poppler5-0.12.4-1.2mdv2010.0.x86_64.rpm a35fdb10aaaeda661082eea969c8cb10 2010.0/x86_64/lib64poppler-devel-0.12.4-1.2mdv2010.0.x86_64.rpm be4e55287976d6d9f0bc8acdd41dc371 2010.0/x86_64/lib64poppler-glib4-0.12.4-1.2mdv2010.0.x86_64.rpm 2e63d0dff69e958f0b926cf6d0026c61 2010.0/x86_64/lib64poppler-glib-devel-0.12.4-1.2mdv2010.0.x86_64.rpm b50e39d108dc2458c252fbf365e2aaff 2010.0/x86_64/lib64poppler-qt2-0.12.4-1.2mdv2010.0.x86_64.rpm 7b249ff04f794fb6a8dc8b05564143e4 2010.0/x86_64/lib64poppler-qt4-3-0.12.4-1.2mdv2010.0.x86_64.rpm 121f80f800f144eb489f0cdce287e7ef 2010.0/x86_64/lib64poppler-qt4-devel-0.12.4-1.2mdv2010.0.x86_64.rpm fb7297fbbd3758eca663813932d822fe 2010.0/x86_64/lib64poppler-qt-devel-0.12.4-1.2mdv2010.0.x86_64.rpm 5fbd9b1cbd0c18cc7f5a77ee8c9421e8 2010.0/x86_64/poppler-0.12.4-1.2mdv2010.0.x86_64.rpm b395b580e189eac53cec4cdce2ceaeeb 2010.0/SRPMS/poppler-0.12.4-1.2mdv2010.0.src.rpm Mandriva Linux 2010.1: 039272fbf964bf0cda8ee8be3f73d7f0 2010.1/i586/libpoppler5-0.12.4-2.1mdv2010.1.i586.rpm 4b8cd7ba4fcad0fdb13d498d9659353e 2010.1/i586/libpoppler-devel-0.12.4-2.1mdv2010.1.i586.rpm 0c8ecda02ad63275628fdf7dbb886d85 2010.1/i586/libpoppler-glib4-0.12.4-2.1mdv2010.1.i586.rpm a899985446082afaf7a552a9d093fa7b 2010.1/i586/libpoppler-glib-devel-0.12.4-2.1mdv2010.1.i586.rpm 98cc33b6085f8b5a3e450814217a87fc 2010.1/i586/libpoppler-qt2-0.12.4-2.1mdv2010.1.i586.rpm aca2798c969fe7e1ae41f8fda8c767bf 2010.1/i586/libpoppler-qt4-3-0.12.4-2.1mdv2010.1.i586.rpm 766c5b85413728af84378f56647f3d6e 2010.1/i586/libpoppler-qt4-devel-0.12.4-2.1mdv2010.1.i586.rpm e1af5e2dda8be30d3ac1e009ce856588 2010.1/i586/libpoppler-qt-devel-0.12.4-2.1mdv2010.1.i586.rpm e2060c17f1f8ece622fbcf94e50205d7 2010.1/i586/poppler-0.12.4-2.1mdv2010.1.i586.rpm a3495563ca96089190aef76b6c25df4d 2010.1/SRPMS/poppler-0.12.4-2.1mdv2010.1.src.rpm Mandriva Linux 2010.1/X86_64: 142bdd508c9c62480b467b3aa74a6eb1 2010.1/x86_64/lib64poppler5-0.12.4-2.1mdv2010.1.x86_64.rpm 423f44b8802e838afbdd9be973bee11b 2010.1/x86_64/lib64poppler-devel-0.12.4-2.1mdv2010.1.x86_64.rpm 88b25a582c2bf185196e8d68b2567bd9 2010.1/x86_64/lib64poppler-glib4-0.12.4-2.1mdv2010.1.x86_64.rpm 5ea3f17b45cdddf438d4642348f0133d 2010.1/x86_64/lib64poppler-glib-devel-0.12.4-2.1mdv2010.1.x86_64.rpm 11e9facfbca3b5d916f480e5053614cd 2010.1/x86_64/lib64poppler-qt2-0.12.4-2.1mdv2010.1.x86_64.rpm 51f3818574979e270265d94947b863ff 2010.1/x86_64/lib64poppler-qt4-3-0.12.4-2.1mdv2010.1.x86_64.rpm d7c2b054dd96ac00eb7caf957d290cf6 2010.1/x86_64/lib64poppler-qt4-devel-0.12.4-2.1mdv2010.1.x86_64.rpm 9533bb591cd679ba8f880b23605e837a 2010.1/x86_64/lib64poppler-qt-devel-0.12.4-2.1mdv2010.1.x86_64.rpm a6fd550b90857f4cbfcd97213d5e7918 2010.1/x86_64/poppler-0.12.4-2.1mdv2010.1.x86_64.rpm a3495563ca96089190aef76b6c25df4d 2010.1/SRPMS/poppler-0.12.4-2.1mdv2010.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFM3VkMmqjQ0CJFipgRAt1ZAKDMo9oWIQ/0cZWwYHte7+QQWtASZwCfTuRR Qp8m00pY+5aiMBWXOR3I64k= =VPTO -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Xpdf Two Vulnerabilities SECUNIA ADVISORY ID: SA41709 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41709/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41709 RELEASE DATE: 2010-10-12 DISCUSS ADVISORY: http://secunia.com/advisories/41709/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41709/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41709 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Xpdf, which can potentially be exploited by malicious people to compromise a user's system. For more information see vulnerabilities #1 and #2 in: SA41596 SOLUTION: Do not open files from untrusted sources. PROVIDED AND/OR DISCOVERED BY: Reported in Poppler by Joel Voss, Leviathan Security Group. ORIGINAL ADVISORY: https://rhn.redhat.com/errata/RHSA-2010-0751.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201402-17 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Xpdf: User-assisted execution of arbitrary code Date: February 17, 2014 Bugs: #386271 ID: 201402-17 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities in Xpdf could result in execution of arbitrary code. Background ========== Xpdf is an X viewer for PDF files. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-text/xpdf <= 3.02-r4 Vulnerable! ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. Please review the CVE identifiers referenced below for details. Impact ====== A context-dependent attacker could execute arbitrary code or cause a Denial of Service condition. Workaround ========== There is no known workaround at this time. Resolution ========== Gentoo has discontinued support for Xpdf. We recommend that users unmerge Xpdf: # emerge --unmerge "app-text/xpdf" References ========== [ 1 ] CVE-2009-4035 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4035 [ 2 ] CVE-2010-3702 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3702 [ 3 ] CVE-2010-3704 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3704 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201402-17.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . For the stable distribution (lenny), these problems have been fixed in version 3.02-1.4+lenny3. For the upcoming stable distribution (squeeze) and the unstable distribution (sid), these problems don't apply, since xpdf has been patched to use the Poppler PDF library. Upgrade instructions - -------------------- If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . =========================================================== Ubuntu Security Notice USN-1005-1 October 19, 2010 poppler vulnerabilities CVE-2010-3702, CVE-2010-3703, CVE-2010-3704 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 9.04 Ubuntu 9.10 Ubuntu 10.04 LTS Ubuntu 10.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libpoppler1 0.5.1-0ubuntu7.8 libpoppler1-glib 0.5.1-0ubuntu7.8 Ubuntu 8.04 LTS: libpoppler-glib2 0.6.4-1ubuntu3.5 libpoppler2 0.6.4-1ubuntu3.5 Ubuntu 9.04: libpoppler-glib4 0.10.5-1ubuntu2.6 libpoppler4 0.10.5-1ubuntu2.6 Ubuntu 9.10: libpoppler-glib4 0.12.0-0ubuntu2.3 libpoppler5 0.12.0-0ubuntu2.3 Ubuntu 10.04 LTS: libpoppler-glib4 0.12.4-0ubuntu5.1 libpoppler5 0.12.4-0ubuntu5.1 Ubuntu 10.10: libpoppler-glib5 0.14.3-0ubuntu1.1 libpoppler7 0.14.3-0ubuntu1.1 In general, a standard system update will make all the necessary changes. Details follow: It was discovered that poppler contained multiple security issues when parsing malformed PDF documents. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.5.1-0ubuntu7.8.diff.gz Size/MD5: 27259 bedbca4c7d1fbb131e87ac7d01b9ccfb http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.5.1-0ubuntu7.8.dsc Size/MD5: 2375 9242a34c31aec338034bad41ff0e04fb http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.5.1.orig.tar.gz Size/MD5: 954930 a136cd731892f4570933034ba97c8704 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.5.1-0ubuntu7.8_amd64.deb Size/MD5: 729804 990c4697220246f06734ec985bf79805 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.5.1-0ubuntu7.8_amd64.deb Size/MD5: 58242 4e17049f4d461125928bd33eb905542e http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.5.1-0ubuntu7.8_amd64.deb Size/MD5: 47402 2e1911778f8d114dc01570a16cc753fa http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-glib_0.5.1-0ubuntu7.8_amd64.deb Size/MD5: 52998 4dc5f9471611f96ec0bfb5314a527d67 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-qt_0.5.1-0ubuntu7.8_amd64.deb Size/MD5: 43618 37459b85fdf031fdba6e1b35ea116679 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1_0.5.1-0ubuntu7.8_amd64.deb Size/MD5: 546536 7ad7ef20bd092f9007a0a4f2920d301d http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.5.1-0ubuntu7.8_amd64.deb Size/MD5: 101316 389d8b7bf42dd291ae246bbe5306c66e i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.5.1-0ubuntu7.8_i386.deb Size/MD5: 664928 8670a45be74a527aa2381c786d6f499c http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.5.1-0ubuntu7.8_i386.deb Size/MD5: 56038 20fa91b22991fbf8f2855d0019a30066 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.5.1-0ubuntu7.8_i386.deb Size/MD5: 46100 aa511d2877d5a86ee35fb8760168e746 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-glib_0.5.1-0ubuntu7.8_i386.deb Size/MD5: 51888 e635377fcd0afcc86fb5665f12596940 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-qt_0.5.1-0ubuntu7.8_i386.deb Size/MD5: 43120 0a299604034207977e6549719e97c3bb http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1_0.5.1-0ubuntu7.8_i386.deb Size/MD5: 505126 546b78451a3db468d906a13c3e461755 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.5.1-0ubuntu7.8_i386.deb Size/MD5: 93028 075e41dd3d3608e7e4a5f682d3ab0d45 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.5.1-0ubuntu7.8_powerpc.deb Size/MD5: 769490 69fe73d00ba079febc5ada96e82cb518 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.5.1-0ubuntu7.8_powerpc.deb Size/MD5: 60272 ef55f2b86d376cfc7f81786fa56f0852 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.5.1-0ubuntu7.8_powerpc.deb Size/MD5: 47556 20725d1ceae67bd27b629bda23ea27aa http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-glib_0.5.1-0ubuntu7.8_powerpc.deb Size/MD5: 54288 f1652517075e0ea34c6b762e8e1ec6ba http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-qt_0.5.1-0ubuntu7.8_powerpc.deb Size/MD5: 44890 7ce2dad1bd9962aecd9184b74de80dbd http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1_0.5.1-0ubuntu7.8_powerpc.deb Size/MD5: 552776 7b30e7f41666d93aaa7d3a95537333d8 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.5.1-0ubuntu7.8_powerpc.deb Size/MD5: 105656 6d4c33c8c30e18aba3e5248d19945312 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.5.1-0ubuntu7.8_sparc.deb Size/MD5: 690766 199896329398917fe8f2a37179d02a34 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.5.1-0ubuntu7.8_sparc.deb Size/MD5: 56618 d6fe358f5cdcbc02450e69db342ee8b3 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.5.1-0ubuntu7.8_sparc.deb Size/MD5: 46092 5d19384e2488912b2ba4d98ff39906b7 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-glib_0.5.1-0ubuntu7.8_sparc.deb Size/MD5: 51360 9b6aaada69d2fd81edbf8a3f1e236256 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-qt_0.5.1-0ubuntu7.8_sparc.deb Size/MD5: 42362 914f0dfd79b25858ad12ad20c4407905 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1_0.5.1-0ubuntu7.8_sparc.deb Size/MD5: 518396 ccb5b4d7b6a3966174b55e82597d90b8 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.5.1-0ubuntu7.8_sparc.deb Size/MD5: 93880 6343457c99d3fe9e95c65e7f11ed1688 Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.6.4-1ubuntu3.5.diff.gz Size/MD5: 22610 e40e61ff8f404dd8c570d7d9d37d3344 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.6.4-1ubuntu3.5.dsc Size/MD5: 1832 5e30251249c773f2fdb94278bf11050c http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.6.4.orig.tar.gz Size/MD5: 1294481 13d12ca4e349574cfbbcf4a9b2b3ae52 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.6.4-1ubuntu3.5_amd64.deb Size/MD5: 899230 8fce2b7acfae6b6397caf9caf140a031 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.6.4-1ubuntu3.5_amd64.deb Size/MD5: 110018 dfafa5b34781fe749705af443a32d855 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib2_0.6.4-1ubuntu3.5_amd64.deb Size/MD5: 54810 5febb6077ff4019f33ef36b39d05087b http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.6.4-1ubuntu3.5_amd64.deb Size/MD5: 46176 f53d822dbade16249befcf24f503c443 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.6.4-1ubuntu3.5_amd64.deb Size/MD5: 25520 85571978f17908b52fde4a635b1a411e http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-2_0.6.4-1ubuntu3.5_amd64.deb Size/MD5: 146760 9ff80c2dbf2bb811e31e1b66caf6279c http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.6.4-1ubuntu3.5_amd64.deb Size/MD5: 201282 909dc624c82bc3c89a0b46ee49fc080f http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler2_0.6.4-1ubuntu3.5_amd64.deb Size/MD5: 648816 9c4f1dbc90f19b95970d601d05ebf72b http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.6.4-1ubuntu3.5_amd64.deb Size/MD5: 78984 ea5c07bc1f8cc794416c93e05b4f4815 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.6.4-1ubuntu3.5_i386.deb Size/MD5: 839500 f428fc3b2317229955ebf3145bd8b1ef http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.6.4-1ubuntu3.5_i386.deb Size/MD5: 102844 5abd270a2f436fd79d5fa021ed0a75a2 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib2_0.6.4-1ubuntu3.5_i386.deb Size/MD5: 52354 58e6cec2618c530ae21ca02fb009da06 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.6.4-1ubuntu3.5_i386.deb Size/MD5: 42614 9370944020717ba5be753fe28ab981d0 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.6.4-1ubuntu3.5_i386.deb Size/MD5: 25050 57ac26b842693f33b609ea6d6ced073b http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-2_0.6.4-1ubuntu3.5_i386.deb Size/MD5: 143622 9f476e4d71f8693f39e73e76c9a65d3c http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.6.4-1ubuntu3.5_i386.deb Size/MD5: 190086 b40f870abc3aa6f6b8203de269e88d93 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler2_0.6.4-1ubuntu3.5_i386.deb Size/MD5: 623310 43c9e0e5063794de8b008a567dd48545 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.6.4-1ubuntu3.5_i386.deb Size/MD5: 73692 d5434601a4e7ef66297888f349217a1f lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.6.4-1ubuntu3.5_lpia.deb Size/MD5: 859546 59e85a8660b8972ffac2b9964be303bd http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.6.4-1ubuntu3.5_lpia.deb Size/MD5: 103834 2dd93fcfeb085ad2d2ebbf2631b094e9 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib2_0.6.4-1ubuntu3.5_lpia.deb Size/MD5: 52614 bfa697640e43ddb7314d66f7107e021f http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.6.4-1ubuntu3.5_lpia.deb Size/MD5: 43048 f1173347bdf4b450a9058f558a0e98e0 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.6.4-1ubuntu3.5_lpia.deb Size/MD5: 24792 2f1a32e1c3062d9ff8ad2bac1a89a5e2 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-2_0.6.4-1ubuntu3.5_lpia.deb Size/MD5: 145068 e079cb3940740d3866454898c7a635ba http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.6.4-1ubuntu3.5_lpia.deb Size/MD5: 191294 c0083aef2f0adfc21064be2f95f6316d http://ports.ubuntu.com/pool/main/p/poppler/libpoppler2_0.6.4-1ubuntu3.5_lpia.deb Size/MD5: 637232 bff9ecff5a68a668e00a2c0bab55b290 http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.6.4-1ubuntu3.5_lpia.deb Size/MD5: 74708 14d03ac4f0abc79bb2b7696776db9362 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.6.4-1ubuntu3.5_powerpc.deb Size/MD5: 956836 642c3332a4295161be0729b72f6ccfb0 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.6.4-1ubuntu3.5_powerpc.deb Size/MD5: 115792 671359d71e699df8ef011ef9b1b97e13 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib2_0.6.4-1ubuntu3.5_powerpc.deb Size/MD5: 58464 118f2e096f121fb43ad8a287335f5892 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.6.4-1ubuntu3.5_powerpc.deb Size/MD5: 46142 60ec3d227164cb4f52531bf0d0d94a71 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.6.4-1ubuntu3.5_powerpc.deb Size/MD5: 28862 cf22690c891eaf82c9587faff7e7aec1 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-2_0.6.4-1ubuntu3.5_powerpc.deb Size/MD5: 152744 fef8f36a164ceb3a425882cc697d9cad http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.6.4-1ubuntu3.5_powerpc.deb Size/MD5: 209554 7c20fafa41749c91709a2c925844cad1 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler2_0.6.4-1ubuntu3.5_powerpc.deb Size/MD5: 683376 5c9e55ebefa5e5dfabbd72787bf5b7bb http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.6.4-1ubuntu3.5_powerpc.deb Size/MD5: 94454 50f79c3f37ccade2e26ac5f01fedb367 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.6.4-1ubuntu3.5_sparc.deb Size/MD5: 859950 ca8b01d58970c27729fb9311f7706611 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.6.4-1ubuntu3.5_sparc.deb Size/MD5: 104158 a60feaf9f57f703ae37d4587071e10e3 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib2_0.6.4-1ubuntu3.5_sparc.deb Size/MD5: 51408 3a832dd5583a5ebdca67fb868b774f46 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.6.4-1ubuntu3.5_sparc.deb Size/MD5: 42008 563aa6cce06916284a5bbccc8f9a4a2a http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.6.4-1ubuntu3.5_sparc.deb Size/MD5: 23902 dbda45ef43ff352439a2595766a8725f http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-2_0.6.4-1ubuntu3.5_sparc.deb Size/MD5: 145340 fcacd993458d4e16e4104b1c2fef74b5 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.6.4-1ubuntu3.5_sparc.deb Size/MD5: 193258 872f6f3ef8af1a386100f929342c23f3 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler2_0.6.4-1ubuntu3.5_sparc.deb Size/MD5: 631572 31bc91916469b6fee1e4ed2411b98c70 http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.6.4-1ubuntu3.5_sparc.deb Size/MD5: 72984 85a3e42acdf1819c8fc07053cb9012c3 Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.10.5-1ubuntu2.6.diff.gz Size/MD5: 22658 46a4434de1013ad6a1aedd7f83f4638e http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.10.5-1ubuntu2.6.dsc Size/MD5: 2319 cb6568c37577a77805a323102daf8cbe http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.10.5.orig.tar.gz Size/MD5: 1516687 125f671a19707861132fb03e73b61184 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.10.5-1ubuntu2.6_amd64.deb Size/MD5: 1000762 2511c181edee11136cd95f2fd8f7df4e http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.10.5-1ubuntu2.6_amd64.deb Size/MD5: 124320 8e44bb95aaf500ea3f5f2cfeda92c77b http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib4_0.10.5-1ubuntu2.6_amd64.deb Size/MD5: 64498 433f22fd427b85eda6c6f79c093c7bf4 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.10.5-1ubuntu2.6_amd64.deb Size/MD5: 51136 3fce9dd192f7cf72beb2a462b78a045f http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.10.5-1ubuntu2.6_amd64.deb Size/MD5: 26084 40b1eb43d7c31c344ee807f67b56405a http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-3_0.10.5-1ubuntu2.6_amd64.deb Size/MD5: 166096 856ebcf506dfe1e6f73a16d039683576 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.10.5-1ubuntu2.6_amd64.deb Size/MD5: 235030 001590442c32e9d44d12c708cb484a34 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler4_0.10.5-1ubuntu2.6_amd64.deb Size/MD5: 715688 100b06d8f1c178b74a72627c1293a99d http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-dbg_0.10.5-1ubuntu2.6_amd64.deb Size/MD5: 3191282 9fad2dc154e6816007978eecba272f98 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.10.5-1ubuntu2.6_amd64.deb Size/MD5: 80310 e6f5e58168c6548ee953afc2f2e198e2 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.10.5-1ubuntu2.6_i386.deb Size/MD5: 939116 1a637f61cc6980c737f0485fc2ee9d46 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.10.5-1ubuntu2.6_i386.deb Size/MD5: 118186 be93a766d70095e2b904e8a1059c1ea9 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib4_0.10.5-1ubuntu2.6_i386.deb Size/MD5: 61432 b48d904620036b494dae30f846757933 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.10.5-1ubuntu2.6_i386.deb Size/MD5: 48108 502e462be767601fd4f37278ff6fb0c9 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.10.5-1ubuntu2.6_i386.deb Size/MD5: 25400 0d97956139ca4df762ff50924775c7ee http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-3_0.10.5-1ubuntu2.6_i386.deb Size/MD5: 164406 c48888d902bace1af6f9568bc7d11781 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.10.5-1ubuntu2.6_i386.deb Size/MD5: 219842 642d8bf864daa53baa9aba14ef1d8e8d http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler4_0.10.5-1ubuntu2.6_i386.deb Size/MD5: 687198 ebd3b55dd94130e8031fce6fdd9c2977 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-dbg_0.10.5-1ubuntu2.6_i386.deb Size/MD5: 3106210 be7d517d3130e27b75b778b1fafab2c2 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.10.5-1ubuntu2.6_i386.deb Size/MD5: 75150 842cb849ecdc92162f1ef0645a89694a lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.10.5-1ubuntu2.6_lpia.deb Size/MD5: 951712 5833f800109087edef20d0d2e043a2a0 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.10.5-1ubuntu2.6_lpia.deb Size/MD5: 118064 f415be637dbb5991ce0cf7d4bc62b9b7 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib4_0.10.5-1ubuntu2.6_lpia.deb Size/MD5: 61512 247589fb21e89512e10055a39cdef0c0 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.10.5-1ubuntu2.6_lpia.deb Size/MD5: 48234 53a1552904e2243babf5b4480f4e39d2 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.10.5-1ubuntu2.6_lpia.deb Size/MD5: 25090 fe55913c8f07a2d573d202669dd1697e http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-3_0.10.5-1ubuntu2.6_lpia.deb Size/MD5: 164652 37ca1c8caa83a03a65f2d24d4f7576bb http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.10.5-1ubuntu2.6_lpia.deb Size/MD5: 220064 5d8c233389507dc10c6830ab35ab31e4 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler4_0.10.5-1ubuntu2.6_lpia.deb Size/MD5: 698034 6b6e1e71dc2b4d73ce5d91ab18ed1434 http://ports.ubuntu.com/pool/main/p/poppler/poppler-dbg_0.10.5-1ubuntu2.6_lpia.deb Size/MD5: 3141000 792164965ecec628891930c15056146e http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.10.5-1ubuntu2.6_lpia.deb Size/MD5: 75852 566179c180af7420345a59aef66d20ab powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.10.5-1ubuntu2.6_powerpc.deb Size/MD5: 1067816 72f7c6c253c7a0d6de9572a45b766bea http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.10.5-1ubuntu2.6_powerpc.deb Size/MD5: 132060 05faca87e109c1c75a82a458b2d23949 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib4_0.10.5-1ubuntu2.6_powerpc.deb Size/MD5: 69138 2c877d50106cacbfa82cb9e60e572e7e http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.10.5-1ubuntu2.6_powerpc.deb Size/MD5: 51250 377d0b6a2fb986aafde1ee9f8045e04a http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.10.5-1ubuntu2.6_powerpc.deb Size/MD5: 28790 9a4a744f8bbaee83ab3e0d624425dda3 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-3_0.10.5-1ubuntu2.6_powerpc.deb Size/MD5: 170364 ce061c2566a07dd3c159a23d66d829fc http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.10.5-1ubuntu2.6_powerpc.deb Size/MD5: 239232 b223e0531752af48a78b9feb2964e77a http://ports.ubuntu.com/pool/main/p/poppler/libpoppler4_0.10.5-1ubuntu2.6_powerpc.deb Size/MD5: 751112 72ec27c3cfa98ec9c51e1735b233d70a http://ports.ubuntu.com/pool/main/p/poppler/poppler-dbg_0.10.5-1ubuntu2.6_powerpc.deb Size/MD5: 3289146 731cdf54cada7da65a2a3c939df59f93 http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.10.5-1ubuntu2.6_powerpc.deb Size/MD5: 92846 b62d9487645a67d4c892c3671a75e05c sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.10.5-1ubuntu2.6_sparc.deb Size/MD5: 958890 6948353f591647da86e316845ec8f9eb http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.10.5-1ubuntu2.6_sparc.deb Size/MD5: 120824 6ff59a3bbd4a9b425ef23110a76c4298 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib4_0.10.5-1ubuntu2.6_sparc.deb Size/MD5: 61180 2cc5e6f027e76b607defdc9a797fea4d http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.10.5-1ubuntu2.6_sparc.deb Size/MD5: 47586 c343721df8aec6efa801c42368c65187 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.10.5-1ubuntu2.6_sparc.deb Size/MD5: 24302 829a6fd6cb43629453b0d03abb134c74 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-3_0.10.5-1ubuntu2.6_sparc.deb Size/MD5: 165794 e2baae9323c3dc1bfd4c7a5188b876a4 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.10.5-1ubuntu2.6_sparc.deb Size/MD5: 227060 24c905d2bf65312b9654f3a8c3ff1b85 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler4_0.10.5-1ubuntu2.6_sparc.deb Size/MD5: 699612 e891d015a5e9f4a06c62330ae13ad8ff http://ports.ubuntu.com/pool/main/p/poppler/poppler-dbg_0.10.5-1ubuntu2.6_sparc.deb Size/MD5: 3054006 65d02dc72ebedeee044492a0d54a7c9b http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.10.5-1ubuntu2.6_sparc.deb Size/MD5: 75462 14106f64edcc64399c73cecfffe82660 Updated packages for Ubuntu 9.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.12.0-0ubuntu2.3.diff.gz Size/MD5: 16162 e2f7027909f54a82d3b05a5dab49bfe3 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.12.0-0ubuntu2.3.dsc Size/MD5: 2333 0ca7e3c51f46e811ab8b764d19735017 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.12.0.orig.tar.gz Size/MD5: 1595424 399b25d9d71ad22bc9a2a9281769c49c amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.12.0-0ubuntu2.3_amd64.deb Size/MD5: 1051980 811eb825ef2a4a35a2737c7cc8f7dc18 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.12.0-0ubuntu2.3_amd64.deb Size/MD5: 147620 0df853686d2bde4d3251e2034d4aaca4 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib4_0.12.0-0ubuntu2.3_amd64.deb Size/MD5: 75082 66a4118be485eca8c0d64bcb507d95fe http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.12.0-0ubuntu2.3_amd64.deb Size/MD5: 56040 9aa3e75a67f5b3325354e0cd0783b4eb http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.12.0-0ubuntu2.3_amd64.deb Size/MD5: 26016 ab04a30595e5e10a8ea324ce5429859d http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-3_0.12.0-0ubuntu2.3_amd64.deb Size/MD5: 169758 a0feabc74a20a921577bb14b328f4f08 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.12.0-0ubuntu2.3_amd64.deb Size/MD5: 246134 66b67de914b70e969cef45ad38be8350 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler5_0.12.0-0ubuntu2.3_amd64.deb Size/MD5: 758072 3759109d011266b2f989d6d4b9c700f8 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-dbg_0.12.0-0ubuntu2.3_amd64.deb Size/MD5: 3352576 018f3529b1b4b66eb8fce6446e151276 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.12.0-0ubuntu2.3_amd64.deb Size/MD5: 84178 3242ad6a0e40ac5017b25f252026b4ec i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.12.0-0ubuntu2.3_i386.deb Size/MD5: 989400 4c6f5530a2751fbef0c4cf2b91c0a450 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.12.0-0ubuntu2.3_i386.deb Size/MD5: 140982 8b2732a5ee3087e754cfbc8a311508a9 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib4_0.12.0-0ubuntu2.3_i386.deb Size/MD5: 72374 9dafd2e2f353b30269b61184d8a05a73 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.12.0-0ubuntu2.3_i386.deb Size/MD5: 53740 92abc5198ae95accc2a9c04535a12e74 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.12.0-0ubuntu2.3_i386.deb Size/MD5: 25630 9ed21683dc9ce42230357a75c9f8efaf http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-3_0.12.0-0ubuntu2.3_i386.deb Size/MD5: 166244 5407024e0fbca9ca17cf31784689f530 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.12.0-0ubuntu2.3_i386.deb Size/MD5: 231402 085ad28bb8f30fb81c922bdf98461f62 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler5_0.12.0-0ubuntu2.3_i386.deb Size/MD5: 725946 56e85e5a60eded5dd71286df5afcddad http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-dbg_0.12.0-0ubuntu2.3_i386.deb Size/MD5: 3273936 4900c20227ee15c570803e0a5ea2380e http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.12.0-0ubuntu2.3_i386.deb Size/MD5: 80140 8397685b99e33d2295945e01b5a9c5a9 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.12.0-0ubuntu2.3_sparc.deb Size/MD5: 1024116 82f69ec56049caaaa2e6d6ddfbcf38e9 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.12.0-0ubuntu2.3_sparc.deb Size/MD5: 145452 ca9c8d859dd2c259254c1015c8150e7c http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib4_0.12.0-0ubuntu2.3_sparc.deb Size/MD5: 73070 93faf777eb853626a8021a4fdf951ae0 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.12.0-0ubuntu2.3_sparc.deb Size/MD5: 53314 f04f80d8c690dd8eed9f2d8629b82ab6 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.12.0-0ubuntu2.3_sparc.deb Size/MD5: 24216 5597f9b407ed6e297dfb60495a926835 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-3_0.12.0-0ubuntu2.3_sparc.deb Size/MD5: 168690 d5f6fc3fd30c50549a0425684be4456f http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.12.0-0ubuntu2.3_sparc.deb Size/MD5: 244286 73acb1d168e1b946fc0ab87e52a98d2b http://ports.ubuntu.com/pool/main/p/poppler/libpoppler5_0.12.0-0ubuntu2.3_sparc.deb Size/MD5: 749218 e362ac899fed10132a24579c856392bf http://ports.ubuntu.com/pool/main/p/poppler/poppler-dbg_0.12.0-0ubuntu2.3_sparc.deb Size/MD5: 3243524 b3809cb3b43f6c6fcbf78e5f195454b8 http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.12.0-0ubuntu2.3_sparc.deb Size/MD5: 80606 84e09ef47c3a62d374f7d72d077857f7 Updated packages for Ubuntu 10.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.12.4-0ubuntu5.1.diff.gz Size/MD5: 36586 3c8f46489d270a6553c603f1bf42df61 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.12.4-0ubuntu5.1.dsc Size/MD5: 2321 6309c218890373f2d2f3829083f1e14e http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.12.4.orig.tar.gz Size/MD5: 1674400 4155346f9369b192569ce9184ff73e43 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.12.4-0ubuntu5.1_amd64.deb Size/MD5: 1057464 02cfbb58b185dce47f79752bc448ecfb http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.12.4-0ubuntu5.1_amd64.deb Size/MD5: 153226 6a1cd66dad1f036c916834a9bee5290e http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib4_0.12.4-0ubuntu5.1_amd64.deb Size/MD5: 79122 fc4779709ed8b692f9debc48054dcf66 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.12.4-0ubuntu5.1_amd64.deb Size/MD5: 56012 6c389ff1ec4144b526b34e3df0390361 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.12.4-0ubuntu5.1_amd64.deb Size/MD5: 26902 e4f305ff49b07e2d4266f3c23b737328 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-3_0.12.4-0ubuntu5.1_amd64.deb Size/MD5: 172296 6a277bb044e8bddf0b7211ef4f201e8a http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.12.4-0ubuntu5.1_amd64.deb Size/MD5: 252048 07a540e9727055ad6ea3af4805ca02f4 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler5_0.12.4-0ubuntu5.1_amd64.deb Size/MD5: 762152 b900a754d1f4fd137a984a5d9a428b49 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-dbg_0.12.4-0ubuntu5.1_amd64.deb Size/MD5: 3392098 40b5213d5c65333912cb2a6837cb8155 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.12.4-0ubuntu5.1_amd64.deb Size/MD5: 84984 222e314966329a71370119194760f289 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.12.4-0ubuntu5.1_i386.deb Size/MD5: 994314 0cf46cddcca262acb400301c6ccfadcf http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.12.4-0ubuntu5.1_i386.deb Size/MD5: 146050 ecfd6621c0c8125575908fce67e87037 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib4_0.12.4-0ubuntu5.1_i386.deb Size/MD5: 75926 9460e967f9ea99f6e52cea7b82794cf1 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.12.4-0ubuntu5.1_i386.deb Size/MD5: 53792 094890d2058126fad34a2a9f1b74a9fe http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.12.4-0ubuntu5.1_i386.deb Size/MD5: 26526 ae6f93323c82c1d452e81335025c4677 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-3_0.12.4-0ubuntu5.1_i386.deb Size/MD5: 169754 b69d20dacb024e9412954289e62606e5 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.12.4-0ubuntu5.1_i386.deb Size/MD5: 237416 79df3cbaef280ae078fe5d90d1efeca6 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler5_0.12.4-0ubuntu5.1_i386.deb Size/MD5: 729896 ebd5b47847b7d4c2d6a7956d5f2b9c9c http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-dbg_0.12.4-0ubuntu5.1_i386.deb Size/MD5: 3308176 1901fd74a67d54354fc37140a3820651 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.12.4-0ubuntu5.1_i386.deb Size/MD5: 80940 24c64a45a096f19bc5e29ac070570932 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.12.4-0ubuntu5.1_powerpc.deb Size/MD5: 1139050 391b272517bddffbfecbbc91a43b7f96 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.12.4-0ubuntu5.1_powerpc.deb Size/MD5: 160174 5e5fbf2fdbf5007373e8f76a762b875d http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib4_0.12.4-0ubuntu5.1_powerpc.deb Size/MD5: 83092 96d39f59f5dbb721fc5bbd370f0b3540 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.12.4-0ubuntu5.1_powerpc.deb Size/MD5: 57086 00f8a4e9617f841bd90e57d2835311f4 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.12.4-0ubuntu5.1_powerpc.deb Size/MD5: 27700 b373ca19c5ec767a6398dffc9bedd553 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-3_0.12.4-0ubuntu5.1_powerpc.deb Size/MD5: 174170 ff1770256477129693ba12fa671d00f2 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.12.4-0ubuntu5.1_powerpc.deb Size/MD5: 257882 c5a46d4e9d96ab2e705e5a538cf3731e http://ports.ubuntu.com/pool/main/p/poppler/libpoppler5_0.12.4-0ubuntu5.1_powerpc.deb Size/MD5: 802012 68d7baf4f9f6c09fbf4f1c0e382fa182 http://ports.ubuntu.com/pool/main/p/poppler/poppler-dbg_0.12.4-0ubuntu5.1_powerpc.deb Size/MD5: 3517048 e614b7e4a6a126f9b7dd67f6efefd117 http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.12.4-0ubuntu5.1_powerpc.deb Size/MD5: 85044 6187f4e8bac574e941da55a6a69690af sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.12.4-0ubuntu5.1_sparc.deb Size/MD5: 1061366 41136167b401a0728acbcdb4019d10a9 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.12.4-0ubuntu5.1_sparc.deb Size/MD5: 152744 080f6cd7a3b25dafb7a859b7feb7095e http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib4_0.12.4-0ubuntu5.1_sparc.deb Size/MD5: 77452 04f109d31474b5aa18934e158adf6d62 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.12.4-0ubuntu5.1_sparc.deb Size/MD5: 54694 2300562f2a7cfb8d4a33f881332ace15 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.12.4-0ubuntu5.1_sparc.deb Size/MD5: 25448 53b2a8352578c81f64e8f4cab898007b http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-3_0.12.4-0ubuntu5.1_sparc.deb Size/MD5: 172760 f147f6913ced592759716f7b3df63af2 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.12.4-0ubuntu5.1_sparc.deb Size/MD5: 255112 3257864700e4387e8cf4e11e5f4aef4e http://ports.ubuntu.com/pool/main/p/poppler/libpoppler5_0.12.4-0ubuntu5.1_sparc.deb Size/MD5: 761444 626f9943c20f6c2f8cddfaed957e0251 http://ports.ubuntu.com/pool/main/p/poppler/poppler-dbg_0.12.4-0ubuntu5.1_sparc.deb Size/MD5: 3312976 945e1150e98d3545f2790ceaec85220f http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.12.4-0ubuntu5.1_sparc.deb Size/MD5: 82324 33c251009e49841c9ae76e74a1e4e559 Updated packages for Ubuntu 10.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.14.3-0ubuntu1.1.diff.gz Size/MD5: 14357 2913cf42deabe02923039b83f4d3a09b http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.14.3-0ubuntu1.1.dsc Size/MD5: 2426 d8addbeb6ab59e8dfeaab3262b4215e8 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.14.3.orig.tar.gz Size/MD5: 1791880 1024c608a8a7c1d6ec301bddf11f3af9 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-cpp-dev_0.14.3-0ubuntu1.1_amd64.deb Size/MD5: 64468 6a423398bc892f513b2f38e2e3d5c602 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-cpp0_0.14.3-0ubuntu1.1_amd64.deb Size/MD5: 31168 539169982c29fbd85ad92d3564b46332 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.14.3-0ubuntu1.1_amd64.deb Size/MD5: 1103468 a14ada191171b0af80c8ed455cc43602 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.14.3-0ubuntu1.1_amd64.deb Size/MD5: 165088 a094e30c378323c4e13fce76cb41eaef http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib5_0.14.3-0ubuntu1.1_amd64.deb Size/MD5: 83900 ba49980dc7ae19ec805f2d2e0a9dd341 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.14.3-0ubuntu1.1_amd64.deb Size/MD5: 59162 2e9264fd1688912c647a684349b04bc1 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.14.3-0ubuntu1.1_amd64.deb Size/MD5: 26422 f2e204b7a284aa1c7762671eb764f65f http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-3_0.14.3-0ubuntu1.1_amd64.deb Size/MD5: 175388 12fdd82ec02447154cb66ffee97eb6bd http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.14.3-0ubuntu1.1_amd64.deb Size/MD5: 262250 4b22149a50d268aff9c443f577272ec9 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler7_0.14.3-0ubuntu1.1_amd64.deb Size/MD5: 783016 b6a88c5290d6584cf118e03486ee5b28 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-dbg_0.14.3-0ubuntu1.1_amd64.deb Size/MD5: 3782700 92aaee73614843eb71a1e894d6e6b6db http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.14.3-0ubuntu1.1_amd64.deb Size/MD5: 84584 cff59800844c6d64d58481682d7096c2 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-cpp-dev_0.14.3-0ubuntu1.1_i386.deb Size/MD5: 61226 2daec50e448a0023cefc89ecdac63e2f http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-cpp0_0.14.3-0ubuntu1.1_i386.deb Size/MD5: 31404 ad307f5350fd07a9cc409f4e9e1a76a3 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.14.3-0ubuntu1.1_i386.deb Size/MD5: 1031432 cb1b0f48c777da1e83104a1f8a92850c http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.14.3-0ubuntu1.1_i386.deb Size/MD5: 156646 33c97aaca1542522ac44c0c2c1aa32f9 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib5_0.14.3-0ubuntu1.1_i386.deb Size/MD5: 80682 9c4b0a4534eb6719a7d9f974b2fc8b61 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.14.3-0ubuntu1.1_i386.deb Size/MD5: 56974 6d8a32bff9e98d95c8cf754c47aae4f6 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.14.3-0ubuntu1.1_i386.deb Size/MD5: 25986 ce814f61d00c0be09742cff50d691d1a http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-3_0.14.3-0ubuntu1.1_i386.deb Size/MD5: 172378 d6a441c24baa014e23428de75ee78913 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.14.3-0ubuntu1.1_i386.deb Size/MD5: 246084 0f3d944e284b2e96f78ff7c897d89310 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler7_0.14.3-0ubuntu1.1_i386.deb Size/MD5: 746296 c5b46a4f36381b2d6ac1f4cdc973a85d http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-dbg_0.14.3-0ubuntu1.1_i386.deb Size/MD5: 3694024 28b7b242f8fe4b6decc198ce2cddc5e4 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.14.3-0ubuntu1.1_i386.deb Size/MD5: 79640 326c2ea9f373fec8622ca654b942fee2 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-cpp-dev_0.14.3-0ubuntu1.1_powerpc.deb Size/MD5: 65034 e6fe859f3e6071f20f9cf880107c1f2e http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-cpp0_0.14.3-0ubuntu1.1_powerpc.deb Size/MD5: 32576 1923fe67aeb448dae67c0c3de7acad51 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.14.3-0ubuntu1.1_powerpc.deb Size/MD5: 1182088 7d90bf72cedc6ccda4da639e657ba3ec http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.14.3-0ubuntu1.1_powerpc.deb Size/MD5: 171878 728ed879151c66c82c09d074ca3d6b74 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib5_0.14.3-0ubuntu1.1_powerpc.deb Size/MD5: 88564 38714d7ad6697b4231e2c89c511195c4 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.14.3-0ubuntu1.1_powerpc.deb Size/MD5: 60498 2422b28c607abc4cf25388199ad89052 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.14.3-0ubuntu1.1_powerpc.deb Size/MD5: 27190 4e063517954ef91ae8ce1d959f939bad http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-3_0.14.3-0ubuntu1.1_powerpc.deb Size/MD5: 177264 79deabe8844ba4993b7643a846b6ba7f http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.14.3-0ubuntu1.1_powerpc.deb Size/MD5: 270448 a6924c87f821b74c9d9ef642d3182194 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler7_0.14.3-0ubuntu1.1_powerpc.deb Size/MD5: 822532 fded6e9509fb172ea0587cd536b8e24c http://ports.ubuntu.com/pool/main/p/poppler/poppler-dbg_0.14.3-0ubuntu1.1_powerpc.deb Size/MD5: 3916390 bd49980f1d5fe6a419961106a2635ad6 http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.14.3-0ubuntu1.1_powerpc.deb Size/MD5: 82814 8552bb3b2508b96a0c3a2be0b7a02f00 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: tetex security update Advisory ID: RHSA-2012:1201-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1201.html Issue date: 2012-08-23 CVE Names: CVE-2010-2642 CVE-2010-3702 CVE-2010-3704 CVE-2011-0433 CVE-2011-0764 CVE-2011-1552 CVE-2011-1553 CVE-2011-1554 ===================================================================== 1. Summary: Updated tetex packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: teTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent (DVI) file as output. teTeX embeds a copy of t1lib to rasterize bitmaps from PostScript Type 1 fonts. The following issues affect t1lib code: Two heap-based buffer overflow flaws were found in the way t1lib processed Adobe Font Metrics (AFM) files. (CVE-2010-2642, CVE-2011-0433) An invalid pointer dereference flaw was found in t1lib. (CVE-2011-0764) A use-after-free flaw was found in t1lib. (CVE-2011-1553) An off-by-one flaw was found in t1lib. (CVE-2011-1554) An out-of-bounds memory read flaw was found in t1lib. A specially-crafted font file could, when opened, cause teTeX to crash. (CVE-2011-1552) teTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF) file viewer, to allow adding images in PDF format to the generated PDF documents. The following issues affect Xpdf code: An uninitialized pointer use flaw was discovered in Xpdf. If pdflatex was used to process a TeX document referencing a specially-crafted PDF file, it could cause pdflatex to crash or, potentially, execute arbitrary code with the privileges of the user running pdflatex. (CVE-2010-3702) An array index error was found in the way Xpdf parsed PostScript Type 1 fonts embedded in PDF documents. If pdflatex was used to process a TeX document referencing a specially-crafted PDF file, it could cause pdflatex to crash or, potentially, execute arbitrary code with the privileges of the user running pdflatex. (CVE-2010-3704) Red Hat would like to thank the Evince development team for reporting CVE-2010-2642. Upstream acknowledges Jon Larimer of IBM X-Force as the original reporter of CVE-2010-2642. All users of tetex are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 595245 - CVE-2010-3702 xpdf: uninitialized Gfx::parser pointer dereference 638960 - CVE-2010-3704 xpdf: array indexing error in FoFiType1::parse() 666318 - CVE-2010-2642 evince, t1lib: Heap based buffer overflow in DVI file AFM font parser 679732 - CVE-2011-0433 evince, t1lib: Heap-based buffer overflow DVI file AFM font parser 692853 - CVE-2011-1552 t1lib: invalid read crash via crafted Type 1 font 692854 - CVE-2011-1553 t1lib: Use-after-free via crafted Type 1 font 692856 - CVE-2011-1554 t1lib: Off-by-one via crafted Type 1 font 692909 - CVE-2011-0764 t1lib: Invalid pointer dereference via crafted Type 1 font 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/tetex-3.0-33.15.el5_8.1.src.rpm i386: tetex-3.0-33.15.el5_8.1.i386.rpm tetex-afm-3.0-33.15.el5_8.1.i386.rpm tetex-debuginfo-3.0-33.15.el5_8.1.i386.rpm tetex-doc-3.0-33.15.el5_8.1.i386.rpm tetex-dvips-3.0-33.15.el5_8.1.i386.rpm tetex-fonts-3.0-33.15.el5_8.1.i386.rpm tetex-latex-3.0-33.15.el5_8.1.i386.rpm tetex-xdvi-3.0-33.15.el5_8.1.i386.rpm x86_64: tetex-3.0-33.15.el5_8.1.x86_64.rpm tetex-afm-3.0-33.15.el5_8.1.x86_64.rpm tetex-debuginfo-3.0-33.15.el5_8.1.x86_64.rpm tetex-doc-3.0-33.15.el5_8.1.x86_64.rpm tetex-dvips-3.0-33.15.el5_8.1.x86_64.rpm tetex-fonts-3.0-33.15.el5_8.1.x86_64.rpm tetex-latex-3.0-33.15.el5_8.1.x86_64.rpm tetex-xdvi-3.0-33.15.el5_8.1.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/tetex-3.0-33.15.el5_8.1.src.rpm i386: tetex-3.0-33.15.el5_8.1.i386.rpm tetex-afm-3.0-33.15.el5_8.1.i386.rpm tetex-debuginfo-3.0-33.15.el5_8.1.i386.rpm tetex-doc-3.0-33.15.el5_8.1.i386.rpm tetex-dvips-3.0-33.15.el5_8.1.i386.rpm tetex-fonts-3.0-33.15.el5_8.1.i386.rpm tetex-latex-3.0-33.15.el5_8.1.i386.rpm tetex-xdvi-3.0-33.15.el5_8.1.i386.rpm ia64: tetex-3.0-33.15.el5_8.1.ia64.rpm tetex-afm-3.0-33.15.el5_8.1.ia64.rpm tetex-debuginfo-3.0-33.15.el5_8.1.ia64.rpm tetex-doc-3.0-33.15.el5_8.1.ia64.rpm tetex-dvips-3.0-33.15.el5_8.1.ia64.rpm tetex-fonts-3.0-33.15.el5_8.1.ia64.rpm tetex-latex-3.0-33.15.el5_8.1.ia64.rpm tetex-xdvi-3.0-33.15.el5_8.1.ia64.rpm ppc: tetex-3.0-33.15.el5_8.1.ppc.rpm tetex-afm-3.0-33.15.el5_8.1.ppc.rpm tetex-debuginfo-3.0-33.15.el5_8.1.ppc.rpm tetex-doc-3.0-33.15.el5_8.1.ppc.rpm tetex-dvips-3.0-33.15.el5_8.1.ppc.rpm tetex-fonts-3.0-33.15.el5_8.1.ppc.rpm tetex-latex-3.0-33.15.el5_8.1.ppc.rpm tetex-xdvi-3.0-33.15.el5_8.1.ppc.rpm s390x: tetex-3.0-33.15.el5_8.1.s390x.rpm tetex-afm-3.0-33.15.el5_8.1.s390x.rpm tetex-debuginfo-3.0-33.15.el5_8.1.s390x.rpm tetex-doc-3.0-33.15.el5_8.1.s390x.rpm tetex-dvips-3.0-33.15.el5_8.1.s390x.rpm tetex-fonts-3.0-33.15.el5_8.1.s390x.rpm tetex-latex-3.0-33.15.el5_8.1.s390x.rpm tetex-xdvi-3.0-33.15.el5_8.1.s390x.rpm x86_64: tetex-3.0-33.15.el5_8.1.x86_64.rpm tetex-afm-3.0-33.15.el5_8.1.x86_64.rpm tetex-debuginfo-3.0-33.15.el5_8.1.x86_64.rpm tetex-doc-3.0-33.15.el5_8.1.x86_64.rpm tetex-dvips-3.0-33.15.el5_8.1.x86_64.rpm tetex-fonts-3.0-33.15.el5_8.1.x86_64.rpm tetex-latex-3.0-33.15.el5_8.1.x86_64.rpm tetex-xdvi-3.0-33.15.el5_8.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-2642.html https://www.redhat.com/security/data/cve/CVE-2010-3702.html https://www.redhat.com/security/data/cve/CVE-2010-3704.html https://www.redhat.com/security/data/cve/CVE-2011-0433.html https://www.redhat.com/security/data/cve/CVE-2011-0764.html https://www.redhat.com/security/data/cve/CVE-2011-1552.html https://www.redhat.com/security/data/cve/CVE-2011-1553.html https://www.redhat.com/security/data/cve/CVE-2011-1554.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQNkf0XlSAg2UNWIIRAiQFAJ9WUAfXKk43rYvg+UYPr0aOZvojRgCeKWRl PAzUWlaBGi1pT+Kr2TaQk1E= =iYiF -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
var-201310-0370 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and earlier, 5.0u51 and earlier, and Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D. Oracle Java SE is prone to a remote security vulnerability. The vulnerability can be exploited over multiple protocols. This issue affects the '2D' sub-component. This vulnerability affects the following supported versions: Java SE 7u40, Java SE 6u60, Java SE 5.0u51 , Java SE Embedded 7u40. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. This updates IcedTea6 to version 1.11.14, which fixes these issues, as well as several others. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFSiycxmqjQ0CJFipgRAgEDAKDflCdAJCTeaiQlfwCT2ypkKWxMAQCguZqZ JVNYykKzXuNiMTc7JATPYjA= =20DS -----END PGP SIGNATURE----- . ============================================================================ Ubuntu Security Notice USN-2033-1 November 21, 2013 openjdk-6 vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 LTS - Ubuntu 10.04 LTS Summary: Several security issues were fixed in OpenJDK 6. An attacker could exploit these to expose sensitive data over the network. (CVE-2013-3829, CVE-2013-5783, CVE-2013-5804) Several vulnerabilities were discovered in the OpenJDK JRE related to availability. An attacker could exploit these to cause a denial of service. (CVE-2013-4002, CVE-2013-5803, CVE-2013-5823, CVE-2013-5825) Several vulnerabilities were discovered in the OpenJDK JRE related to data integrity. An attacker could exploit these to expose sensitive data over the network. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2013-5782, CVE-2013-5802, CVE-2013-5809, CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5830, CVE-2013-5842, CVE-2013-5850) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: icedtea-6-jre-cacao 6b27-1.12.6-1ubuntu0.12.04.4 icedtea-6-jre-jamvm 6b27-1.12.6-1ubuntu0.12.04.4 openjdk-6-jre 6b27-1.12.6-1ubuntu0.12.04.4 openjdk-6-jre-headless 6b27-1.12.6-1ubuntu0.12.04.4 openjdk-6-jre-lib 6b27-1.12.6-1ubuntu0.12.04.4 openjdk-6-jre-zero 6b27-1.12.6-1ubuntu0.12.04.4 Ubuntu 10.04 LTS: icedtea-6-jre-cacao 6b27-1.12.6-1ubuntu0.10.04.4 openjdk-6-jre 6b27-1.12.6-1ubuntu0.10.04.4 openjdk-6-jre-headless 6b27-1.12.6-1ubuntu0.10.04.4 openjdk-6-jre-lib 6b27-1.12.6-1ubuntu0.10.04.4 openjdk-6-jre-zero 6b27-1.12.6-1ubuntu0.10.04.4 This update uses a new upstream release, which includes additional bug fixes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04031205 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04031205 Version: 1 HPSBUX02943 rev.1 - HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2013-12-04 Last Updated: 2013-12-04 Potential Security Impact: Remote unauthorized access, disclosure of information, and other vulnerabilities Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other exploits. SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, and B.11.31 running HP JDK and JRE v6.0.20 and earlier. BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2013-3829 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2013-4002 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2013-5772 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6 CVE-2013-5774 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2013-5776 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2013-5778 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2013-5780 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2013-5782 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-5783 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2013-5784 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2013-5787 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-5789 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-5790 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2013-5797 (AV:N/AC:M/Au:S/C:N/I:P/A:N) 3.5 CVE-2013-5801 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2013-5802 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2013-5803 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6 CVE-2013-5804 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2013-5809 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-5812 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4 CVE-2013-5814 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-5817 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-5818 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2013-5819 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2013-5820 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2013-5823 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2013-5824 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-5825 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2013-5829 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-5830 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-5831 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2013-5840 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2013-5842 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-5843 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-5848 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2013-5849 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2013-5852 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided the following Java version upgrade to resolve these vulnerabilities. The upgrade is available from the following location: http://www.hp.com/java OS Version Release Version HP-UX B.11.11, B.11.23, B.11.31 JDK and JRE v6.0.21 or subsequent MANUAL ACTIONS: Yes - Update For Java v6.0 update to Java v6.0.21 or subsequent PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS HP-UX B.11.11 HP-UX B.11.23 =========== Jdk60.JDK60-COM Jdk60.JDK60-PA20 Jdk60.JDK60-PA20W Jre60.JRE60-COM Jre60.JRE60-COM-DOC Jre60.JRE60-PA20 Jre60.JRE60-PA20-HS Jre60.JRE60-PA20W Jre60.JRE60-PA20W-HS Jdk60.JDK60-IPF32 Jdk60.JDK60-IPF64 Jre60.JRE60-COM Jre60.JRE60-IPF32 Jre60.JRE60-IPF32-HS Jre60.JRE60-IPF64 Jre60.JRE60-IPF64-HS action: install revision 1.6.0.21.00 or subsequent HP-UX B.11.23 HP-UX B.11.31 =========== Jdk60.JDK60-COM Jdk60.JDK60-IPF32 Jdk60.JDK60-IPF64 Jre60.JRE60-IPF32 Jre60.JRE60-IPF32-HS Jre60.JRE60-IPF64 Jre60.JRE60-IPF64-HS Jre60.JRE60-COM Jre60.JRE60-IPF32 Jre60.JRE60-IPF32-HS Jre60.JRE60-IPF64 Jre60.JRE60-IPF64-HS action: install revision 1.6.0.21.00 or subsequent END AFFECTED VERSIONS HISTORY Version:1 (rev.1) - 4 December 2013 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2013 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.7.0-openjdk security update Advisory ID: RHSA-2013:1451-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1451.html Issue date: 2013-10-22 CVE Names: CVE-2013-3829 CVE-2013-4002 CVE-2013-5772 CVE-2013-5774 CVE-2013-5778 CVE-2013-5780 CVE-2013-5782 CVE-2013-5783 CVE-2013-5784 CVE-2013-5790 CVE-2013-5797 CVE-2013-5800 CVE-2013-5802 CVE-2013-5803 CVE-2013-5804 CVE-2013-5809 CVE-2013-5814 CVE-2013-5817 CVE-2013-5820 CVE-2013-5823 CVE-2013-5825 CVE-2013-5829 CVE-2013-5830 CVE-2013-5838 CVE-2013-5840 CVE-2013-5842 CVE-2013-5849 CVE-2013-5850 CVE-2013-5851 ===================================================================== 1. Summary: Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64 3. Description: The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the privileges of the user running the Java Virtual Machine. (CVE-2013-5782) The class loader did not properly check the package access for non-public proxy classes. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2013-5830) Multiple improper permission check issues were discovered in the 2D, CORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842, CVE-2013-5850, CVE-2013-5838) Multiple input checking flaws were discovered in the JPEG image reading and writing code in the 2D component. An untrusted Java application or applet could use these flaws to corrupt the Java Virtual Machine memory and bypass Java sandbox restrictions. (CVE-2013-5809) The FEATURE_SECURE_PROCESSING setting was not properly honored by the javax.xml.transform package transformers. A remote attacker could use this flaw to supply a crafted XML that would be processed without the intended security restrictions. (CVE-2013-5802) Multiple errors were discovered in the way the JAXP and Security components processes XML inputs. A remote attacker could create a crafted XML that would cause a Java application to use an excessive amount of CPU and memory when processed. (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823) Multiple improper permission check issues were discovered in the Libraries, Swing, JAX-WS, JAXP, JGSS, AWT, Beans, and Scripting components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2013-3829, CVE-2013-5840, CVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5851, CVE-2013-5800, CVE-2013-5849, CVE-2013-5790, CVE-2013-5784) It was discovered that the 2D component image library did not properly check bounds when performing image conversions. An untrusted Java application or applet could use this flaw to disclose portions of the Java Virtual Machine memory. (CVE-2013-5778) Multiple input sanitization flaws were discovered in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting attacks. (CVE-2013-5804, CVE-2013-5797) Various OpenJDK classes that represent cryptographic keys could leak private key information by including sensitive data in strings returned by toString() methods. These flaws could possibly lead to an unexpected exposure of sensitive key data. (CVE-2013-5780) The Java Heap Analysis Tool (jhat) failed to properly escape all data added into the HTML pages it generated. Crafted content in the memory of a Java program analyzed using jhat could possibly be used to conduct cross-site scripting attacks. (CVE-2013-5772) The Kerberos implementation in OpenJDK did not properly parse KDC responses. A malformed packet could cause a Java application using JGSS to exit. (CVE-2013-5803) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 1018713 - CVE-2013-5803 OpenJDK: insufficient checks of KDC replies (JGSS, 8014341) 1018717 - CVE-2013-5772 OpenJDK: insufficient html escaping in jhat (jhat, 8011081) 1018720 - CVE-2013-5797 OpenJDK: insufficient escaping of window title string (Javadoc, 8016675) 1018727 - CVE-2013-5784 OpenJDK: insufficient InterfaceImplementor security checks (Scripting, 8017299) 1018736 - CVE-2013-5790 OpenJDK: insufficient security checks (Beans, 8012071) 1018750 - CVE-2013-5849 OpenJDK: insufficient DataFlavor security checks (AWT, 8012277) 1018755 - CVE-2013-5800 OpenJDK: default keytab path information leak (JGSS, 8022931) 1018785 - CVE-2013-5780 OpenJDK: key data leak via toString() methods (Libraries, 8011071) 1018831 - CVE-2013-5840 OpenJDK: getDeclaringClass() information leak (Libraries, 8014349) 1018972 - CVE-2013-5820 OpenJDK: insufficient security checks (JAXWS, 8017505) 1018977 - CVE-2013-5851 OpenJDK: XML stream factory finder information leak (JAXP, 8013502) 1018984 - CVE-2013-5778 OpenJDK: image conversion out of bounds read (2D, 8014102) 1019108 - CVE-2013-5782 OpenJDK: Incorrect awt_getPixelByte/awt_getPixelShort/awt_setPixelByte/awt_setPixelShort image raster checks (2D, 8014093) 1019110 - CVE-2013-5830 OpenJDK: checkPackageAccess missing security check (Libraries, 8017291) 1019113 - CVE-2013-5809 OpenJDK: JPEGImageReader and JPEGImageWriter missing band size checks (2D, 8013510) 1019115 - CVE-2013-5829 OpenJDK: Java2d Disposer security bypass (2D, 8017287) 1019117 - CVE-2013-5814 OpenJDK: RMIConnection stub missing permission check (CORBA, 8011157) 1019118 - CVE-2013-5817 OpenJDK: VersionHelper12 does not honor modifyThreadGroup restriction (JNDI, 8013739) 1019123 - CVE-2013-5842 OpenJDK: ObjectInputStream/ObjectOutputStream missing checks (Libraries, 8014987) 1019127 - CVE-2013-5850 OpenJDK: Missing CORBA security checks (Libraries, 8017196) 1019130 - CVE-2013-5802 OpenJDK: javax.xml.transform.TransformerFactory does not properly honor XMLConstants.FEATURE_SECURE_PROCESSING (JAXP, 8012425) 1019131 - CVE-2013-5804 OpenJDK: javac does not ignore certain ignorable characters (Javadoc, 8016653) 1019133 - CVE-2013-3829 OpenJDK: java.util.TimeZone does not restrict setting of default time zone (Libraries, 8001029) 1019137 - CVE-2013-5783 OpenJDK: JTable not properly performing certain access checks (Swing, 8013744) 1019139 - CVE-2013-5825 OpenJDK: XML parsing Denial of Service (JAXP, 8014530) 1019145 - CVE-2013-5823 OpenJDK: com.sun.org.apache.xml.internal.security.utils.UnsyncByteArrayOutputStream Denial of Service (Security, 8021290) 1019147 - CVE-2013-5774 OpenJDK: Inet6Address class IPv6 address processing errors (Libraries, 8015743) 1019176 - CVE-2013-4002 OpenJDK: XML parsing Denial of Service (JAXP, 8017298) 1019300 - CVE-2013-5838 OpenJDK: Vulnerability in Libraries component (Libraries, 7023639) 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.45-2.4.3.2.el6_4.src.rpm i386: java-1.7.0-openjdk-1.7.0.45-2.4.3.2.el6_4.i686.rpm java-1.7.0-openjdk-debuginfo-1.7.0.45-2.4.3.2.el6_4.i686.rpm x86_64: java-1.7.0-openjdk-1.7.0.45-2.4.3.2.el6_4.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.45-2.4.3.2.el6_4.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.45-2.4.3.2.el6_4.src.rpm i386: java-1.7.0-openjdk-debuginfo-1.7.0.45-2.4.3.2.el6_4.i686.rpm java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.2.el6_4.i686.rpm java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.2.el6_4.i686.rpm java-1.7.0-openjdk-src-1.7.0.45-2.4.3.2.el6_4.i686.rpm noarch: java-1.7.0-openjdk-javadoc-1.7.0.45-2.4.3.2.el6_4.noarch.rpm x86_64: java-1.7.0-openjdk-debuginfo-1.7.0.45-2.4.3.2.el6_4.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.2.el6_4.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.2.el6_4.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.45-2.4.3.2.el6_4.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.45-2.4.3.2.el6_4.src.rpm x86_64: java-1.7.0-openjdk-1.7.0.45-2.4.3.2.el6_4.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.45-2.4.3.2.el6_4.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.45-2.4.3.2.el6_4.src.rpm noarch: java-1.7.0-openjdk-javadoc-1.7.0.45-2.4.3.2.el6_4.noarch.rpm x86_64: java-1.7.0-openjdk-debuginfo-1.7.0.45-2.4.3.2.el6_4.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.2.el6_4.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.2.el6_4.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.45-2.4.3.2.el6_4.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.45-2.4.3.2.el6_4.src.rpm i386: java-1.7.0-openjdk-1.7.0.45-2.4.3.2.el6_4.i686.rpm java-1.7.0-openjdk-debuginfo-1.7.0.45-2.4.3.2.el6_4.i686.rpm java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.2.el6_4.i686.rpm x86_64: java-1.7.0-openjdk-1.7.0.45-2.4.3.2.el6_4.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.45-2.4.3.2.el6_4.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.2.el6_4.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.45-2.4.3.2.el6_4.src.rpm i386: java-1.7.0-openjdk-debuginfo-1.7.0.45-2.4.3.2.el6_4.i686.rpm java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.2.el6_4.i686.rpm java-1.7.0-openjdk-src-1.7.0.45-2.4.3.2.el6_4.i686.rpm noarch: java-1.7.0-openjdk-javadoc-1.7.0.45-2.4.3.2.el6_4.noarch.rpm x86_64: java-1.7.0-openjdk-debuginfo-1.7.0.45-2.4.3.2.el6_4.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.2.el6_4.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.45-2.4.3.2.el6_4.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.45-2.4.3.2.el6_4.src.rpm i386: java-1.7.0-openjdk-1.7.0.45-2.4.3.2.el6_4.i686.rpm java-1.7.0-openjdk-debuginfo-1.7.0.45-2.4.3.2.el6_4.i686.rpm java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.2.el6_4.i686.rpm x86_64: java-1.7.0-openjdk-1.7.0.45-2.4.3.2.el6_4.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.45-2.4.3.2.el6_4.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.2.el6_4.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.45-2.4.3.2.el6_4.src.rpm i386: java-1.7.0-openjdk-debuginfo-1.7.0.45-2.4.3.2.el6_4.i686.rpm java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.2.el6_4.i686.rpm java-1.7.0-openjdk-src-1.7.0.45-2.4.3.2.el6_4.i686.rpm noarch: java-1.7.0-openjdk-javadoc-1.7.0.45-2.4.3.2.el6_4.noarch.rpm x86_64: java-1.7.0-openjdk-debuginfo-1.7.0.45-2.4.3.2.el6_4.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.2.el6_4.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.45-2.4.3.2.el6_4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-3829.html https://www.redhat.com/security/data/cve/CVE-2013-4002.html https://www.redhat.com/security/data/cve/CVE-2013-5772.html https://www.redhat.com/security/data/cve/CVE-2013-5774.html https://www.redhat.com/security/data/cve/CVE-2013-5778.html https://www.redhat.com/security/data/cve/CVE-2013-5780.html https://www.redhat.com/security/data/cve/CVE-2013-5782.html https://www.redhat.com/security/data/cve/CVE-2013-5783.html https://www.redhat.com/security/data/cve/CVE-2013-5784.html https://www.redhat.com/security/data/cve/CVE-2013-5790.html https://www.redhat.com/security/data/cve/CVE-2013-5797.html https://www.redhat.com/security/data/cve/CVE-2013-5800.html https://www.redhat.com/security/data/cve/CVE-2013-5802.html https://www.redhat.com/security/data/cve/CVE-2013-5803.html https://www.redhat.com/security/data/cve/CVE-2013-5804.html https://www.redhat.com/security/data/cve/CVE-2013-5809.html https://www.redhat.com/security/data/cve/CVE-2013-5814.html https://www.redhat.com/security/data/cve/CVE-2013-5817.html https://www.redhat.com/security/data/cve/CVE-2013-5820.html https://www.redhat.com/security/data/cve/CVE-2013-5823.html https://www.redhat.com/security/data/cve/CVE-2013-5825.html https://www.redhat.com/security/data/cve/CVE-2013-5829.html https://www.redhat.com/security/data/cve/CVE-2013-5830.html https://www.redhat.com/security/data/cve/CVE-2013-5838.html https://www.redhat.com/security/data/cve/CVE-2013-5840.html https://www.redhat.com/security/data/cve/CVE-2013-5842.html https://www.redhat.com/security/data/cve/CVE-2013-5849.html https://www.redhat.com/security/data/cve/CVE-2013-5850.html https://www.redhat.com/security/data/cve/CVE-2013-5851.html https://access.redhat.com/security/updates/classification/#critical 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFSZrmrXlSAg2UNWIIRAh6sAJ0WQ797HscVf/5+FQidZT6jkWaPsgCZAUjS J8t9STiPD1W6tH8qpm7fzBA= =hgt4 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
var-201901-1586 In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking. plural Apple The product contains a vulnerability in which sound acquired via audio elements is acquired with cross-origin.Sounds may be acquired with a cross-origin. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. iTunes for Windows is a media player application based on the Windows platform. WebKit is one of the web browser engine components. A security vulnerability exists in the WebKit component of several Apple products. The following products and versions are affected: Apple iOS prior to 11.4.1; Safari prior to 11.1.2; Windows-based iTunes prior to 12.8; tvOS prior to 11.4.1; Windows-based iCloud prior to 7.6. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201808-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: WebkitGTK+: Multiple vulnerabilities Date: August 22, 2018 Bugs: #652820, #658168, #662974 ID: 201808-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in WebKitGTK+, the worst of which may lead to arbitrary code execution. Background ========== WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-libs/webkit-gtk < 2.20.4 >= 2.20.4 Description =========== Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All WebkitGTK+ users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.20.4" References ========== [ 1 ] CVE-2018-11646 https://nvd.nist.gov/vuln/detail/CVE-2018-11646 [ 2 ] CVE-2018-11712 https://nvd.nist.gov/vuln/detail/CVE-2018-11712 [ 3 ] CVE-2018-11713 https://nvd.nist.gov/vuln/detail/CVE-2018-11713 [ 4 ] CVE-2018-12293 https://nvd.nist.gov/vuln/detail/CVE-2018-12293 [ 5 ] CVE-2018-12294 https://nvd.nist.gov/vuln/detail/CVE-2018-12294 [ 6 ] CVE-2018-4101 https://nvd.nist.gov/vuln/detail/CVE-2018-4101 [ 7 ] CVE-2018-4113 https://nvd.nist.gov/vuln/detail/CVE-2018-4113 [ 8 ] CVE-2018-4114 https://nvd.nist.gov/vuln/detail/CVE-2018-4114 [ 9 ] CVE-2018-4117 https://nvd.nist.gov/vuln/detail/CVE-2018-4117 [ 10 ] CVE-2018-4118 https://nvd.nist.gov/vuln/detail/CVE-2018-4118 [ 11 ] CVE-2018-4119 https://nvd.nist.gov/vuln/detail/CVE-2018-4119 [ 12 ] CVE-2018-4120 https://nvd.nist.gov/vuln/detail/CVE-2018-4120 [ 13 ] CVE-2018-4121 https://nvd.nist.gov/vuln/detail/CVE-2018-4121 [ 14 ] CVE-2018-4122 https://nvd.nist.gov/vuln/detail/CVE-2018-4122 [ 15 ] CVE-2018-4125 https://nvd.nist.gov/vuln/detail/CVE-2018-4125 [ 16 ] CVE-2018-4127 https://nvd.nist.gov/vuln/detail/CVE-2018-4127 [ 17 ] CVE-2018-4128 https://nvd.nist.gov/vuln/detail/CVE-2018-4128 [ 18 ] CVE-2018-4129 https://nvd.nist.gov/vuln/detail/CVE-2018-4129 [ 19 ] CVE-2018-4133 https://nvd.nist.gov/vuln/detail/CVE-2018-4133 [ 20 ] CVE-2018-4146 https://nvd.nist.gov/vuln/detail/CVE-2018-4146 [ 21 ] CVE-2018-4162 https://nvd.nist.gov/vuln/detail/CVE-2018-4162 [ 22 ] CVE-2018-4163 https://nvd.nist.gov/vuln/detail/CVE-2018-4163 [ 23 ] CVE-2018-4165 https://nvd.nist.gov/vuln/detail/CVE-2018-4165 [ 24 ] CVE-2018-4190 https://nvd.nist.gov/vuln/detail/CVE-2018-4190 [ 25 ] CVE-2018-4192 https://nvd.nist.gov/vuln/detail/CVE-2018-4192 [ 26 ] CVE-2018-4199 https://nvd.nist.gov/vuln/detail/CVE-2018-4199 [ 27 ] CVE-2018-4200 https://nvd.nist.gov/vuln/detail/CVE-2018-4200 [ 28 ] CVE-2018-4201 https://nvd.nist.gov/vuln/detail/CVE-2018-4201 [ 29 ] CVE-2018-4204 https://nvd.nist.gov/vuln/detail/CVE-2018-4204 [ 30 ] CVE-2018-4214 https://nvd.nist.gov/vuln/detail/CVE-2018-4214 [ 31 ] CVE-2018-4218 https://nvd.nist.gov/vuln/detail/CVE-2018-4218 [ 32 ] CVE-2018-4222 https://nvd.nist.gov/vuln/detail/CVE-2018-4222 [ 33 ] CVE-2018-4232 https://nvd.nist.gov/vuln/detail/CVE-2018-4232 [ 34 ] CVE-2018-4233 https://nvd.nist.gov/vuln/detail/CVE-2018-4233 [ 35 ] CVE-2018-4261 https://nvd.nist.gov/vuln/detail/CVE-2018-4261 [ 36 ] CVE-2018-4262 https://nvd.nist.gov/vuln/detail/CVE-2018-4262 [ 37 ] CVE-2018-4263 https://nvd.nist.gov/vuln/detail/CVE-2018-4263 [ 38 ] CVE-2018-4264 https://nvd.nist.gov/vuln/detail/CVE-2018-4264 [ 39 ] CVE-2018-4265 https://nvd.nist.gov/vuln/detail/CVE-2018-4265 [ 40 ] CVE-2018-4266 https://nvd.nist.gov/vuln/detail/CVE-2018-4266 [ 41 ] CVE-2018-4267 https://nvd.nist.gov/vuln/detail/CVE-2018-4267 [ 42 ] CVE-2018-4270 https://nvd.nist.gov/vuln/detail/CVE-2018-4270 [ 43 ] CVE-2018-4272 https://nvd.nist.gov/vuln/detail/CVE-2018-4272 [ 44 ] CVE-2018-4273 https://nvd.nist.gov/vuln/detail/CVE-2018-4273 [ 45 ] CVE-2018-4278 https://nvd.nist.gov/vuln/detail/CVE-2018-4278 [ 46 ] CVE-2018-4284 https://nvd.nist.gov/vuln/detail/CVE-2018-4284 [ 47 ] WebKitGTK+ Security Advisory WSA-2018-0003 https://webkitgtk.org/security/WSA-2018-0003.html [ 48 ] WebKitGTK+ Security Advisory WSA-2018-0004 https://webkitgtk.org/security/WSA-2018-0004.html [ 49 ] WebKitGTK+ Security Advisory WSA-2018-0005 https://webkitgtk.org/security/WSA-2018-0005.html [ 50 ] WebKitGTK+ Security Advisory WSA-2018-0006 https://webkitgtk.org/security/WSA-2018-0006.html Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201808-04 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2018 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-7-9-1 iOS 11.4.1 iOS 11.4.1 is now available and addresses the following: CFNetwork Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Cookies may unexpectedly persist in Safari Description: A cookie management issue was addressed with improved checks. CVE-2018-4293: an anonymous researcher Emoji Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing an emoji under certain configurations may lead to a denial of service Description: A denial of service issue was addressed with improved memory handling. CVE-2018-4290: Patrick Wardle of Digita Security Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to read kernel memory Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. CVE-2018-4282: Proteas of Qihoo 360 Nirvan Team libxpc Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4280: Brandon Azad libxpc Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2018-4248: Brandon Azad LinkPresentation Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Visiting a malicious website may lead to address bar spoofing Description: A spoofing issue existed in the handling of URLs. CVE-2018-4277: xisigr of Tencent's Xuanwu Lab (tencent.com) WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious website may exfiltrate audio data cross-origin Description: Sound fetched through audio elements may be exfiltrated cross-origin. CVE-2018-4278: Jun Kokatsu (@shhnjk) WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious website may be able to cause a denial of service Description: A race condition was addressed with additional validation. CVE-2018-4266: found by OSS-Fuzz WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Visiting a malicious website may lead to address bar spoofing Description: A spoofing issue existed in the handling of URLs. CVE-2018-4274: an anonymous researcher WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4270: found by OSS-Fuzz WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. CVE-2018-4284: Found by OSS-Fuzz WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4271: found by OSS-Fuzz CVE-2018-4273: found by OSS-Fuzz WebKit Page Loading Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2018-4260: xisigr of Tencent's Xuanwu Lab (tencent.com) Wi-Fi Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to break out of its sandbox Description: A memory corruption issue was addressed with improved memory handling. Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 11.4.1". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEfcwwPWJ3e0Ig26mf8ecVjteJiCYFAltDyFEpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQ8ecVjteJiCaYqQ/+ LoOw2Hgwr9l7EplQS1O9t9ssVvjaQ25JhxeAkEHhrrLTTpEHNOYhBgPj3XV3DkNT QR1XDKykgVXq1jAMqy2CzpVvb0bWrhAZte7lwLwTKiSdzWzY99LspMtck0uZXg5y qoePuHIifMF5oMzRsLq2IDKj7sDJ3mEOjOGizfJ5BRdFOZPKmuTLK/LnafzoqlOY XAYMj3puFWnlMs1ewTTbup5Oh0totisA7WlpDleG+a/IborfXe89nvUIAEyPH3UF jbPXGlIrB+aofMmoxgbJ7YDXm+7RZbRShrqS3IIwbuVWlWxi8M6AYvlFCAxKc3In R3Bum13NIR8ZTfLARmrRos54kzmygazCHK0yIkeKvJW3uSFIOUbBtkKQ8EpE8og9 KzNvxyMd5Le6kCJe8JECl6jrfnY7QrYBIPxowXymfcRyYpnpIidYHUPlej8OZYnT fH8lWsE09CikZjBLyKmM6NJ4Y24CAmILyJWTmrM+pM9jLN9InWxTr0raY+MiULnI MZgqDuP+wMKfcGGngOkDnmm84w4RSnwK7bRgVtCWV99rnqZvzDgoYhJXDyXXuPqL P0HN+TKdCJ7e+C4boqDup2Ojz7YhFXfCwkJ1fHLD+L+Aj46eLbuu9936vGgvAzQI 7aT98URG/GMffZ3Y53yDJZxHDTnFQ5/tOlNBv8LKJDA= =mzJ2 -----END PGP SIGNATURE----- . ------------------------------------------------------------------------ WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0006 ------------------------------------------------------------------------ Date reported : August 07, 2018 Advisory ID : WSA-2018-0006 WebKitGTK+ Advisory URL : https://webkitgtk.org/security/WSA-2018-0006.html WPE WebKit Advisory URL : https://wpewebkit.org/security/WSA-2018-0006.html CVE identifiers : CVE-2018-4246, CVE-2018-4261, CVE-2018-4262, CVE-2018-4263, CVE-2018-4264, CVE-2018-4265, CVE-2018-4266, CVE-2018-4267, CVE-2018-4270, CVE-2018-4271, CVE-2018-4272, CVE-2018-4273, CVE-2018-4278, CVE-2018-4284, CVE-2018-12911. Several vulnerabilities were discovered in WebKitGTK+ and WPE WebKit. CVE-2018-4246 Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.1. Credit to OSS-Fuzz. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4261 Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2. Credit to Omair working with Trend Micro's Zero Day Initiative. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4262 Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2. Credit to Mateusz Krzywicki working with Trend Micro's Zero Day Initiative. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4263 Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2. Credit to Arayz working with Trend Micro's Zero Day Initiative. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4264 Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2. Credit to OSS-Fuzz, Yu Zhou and Jundong Xie of Ant-financial Light- Year Security Lab. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4265 Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2. Credit to cc working with Trend Micro's Zero Day Initiative. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4266 Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2. Credit to OSS-Fuzz. A malicious website may be able to cause a denial of service. A race condition was addressed with additional validation. CVE-2018-4267 Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2. Credit to Arayz of Pangu team working with Trend Micro's Zero Day Initiative. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4270 Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2. Credit to OSS-Fuzz. Processing maliciously crafted web content may lead to an unexpected application crash. CVE-2018-4271 Versions affected: WebKitGTK+ before 2.20.2. Credit to OSS-Fuzz. Processing maliciously crafted web content may lead to an unexpected application crash. CVE-2018-4272 Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2. Credit to OSS-Fuzz. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-4273 Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2. Credit to OSS-Fuzz. Processing maliciously crafted web content may lead to an unexpected application crash. CVE-2018-4278 Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2. Credit to Jun Kokatsu (@shhnjk). A malicious website may exfiltrate audio data cross-origin. CVE-2018-4284 Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2. Credit to OSS-Fuzz. Processing maliciously crafted web content may lead to arbitrary code execution. CVE-2018-12911 Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before 2.20.2. Credit to Yu Haiwan. Processing maliciously crafted web content may lead to arbitrary code execution. We recommend updating to the latest stable versions of WebKitGTK+ and WPE WebKit. It is the best way to ensure that you are running safe versions of WebKit. Please check our websites for information about the latest stable releases. Further information about WebKitGTK+ and WPE WebKit security advisories can be found at: https://webkitgtk.org/security.html or https://wpewebkit.org/security/. The WebKitGTK+ and WPE WebKit team, August 07, 2018 . CVE-2018-4260: xisigr of Tencent's Xuanwu Lab (tencent.com) Installation note: Safari 11.1.2 may be obtained from the Mac App Store. ========================================================================== Ubuntu Security Notice USN-3743-1 August 16, 2018 webkit2gtk vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in WebKitGTK+. Software Description: - webkit2gtk: Web content engine library for GTK+ Details: A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: libjavascriptcoregtk-4.0-18 2.20.5-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37 2.20.5-0ubuntu0.18.04.1 Ubuntu 16.04 LTS: libjavascriptcoregtk-4.0-18 2.20.5-0ubuntu0.16.04.1 libwebkit2gtk-4.0-37 2.20.5-0ubuntu0.16.04.1 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK+, such as Epiphany, to make all the necessary changes. References: https://usn.ubuntu.com/usn/usn-3743-1 CVE-2018-12911, CVE-2018-4246, CVE-2018-4261, CVE-2018-4262, CVE-2018-4263, CVE-2018-4264, CVE-2018-4265, CVE-2018-4266, CVE-2018-4267, CVE-2018-4270, CVE-2018-4272, CVE-2018-4273, CVE-2018-4278, CVE-2018-4284 Package Information: https://launchpad.net/ubuntu/+source/webkit2gtk/2.20.5-0ubuntu0.18.04.1 https://launchpad.net/ubuntu/+source/webkit2gtk/2.20.5-0ubuntu0.16.04.1
var-201006-0051 Cross-site request forgery (CSRF) vulnerability in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, allows remote attackers to hijack the authentication of administrators for requests that change settings. CUPS is prone to a cross-site request-forgery vulnerability. This issue affects the CUPS web interface component. Attackers can exploit this issue to perform certain administrative actions and gain unauthorized access to the affected application. NOTE: This issue was previously covered in BID 40871 (Apple Mac OS X Prior to 10.6.4 Multiple Security Vulnerabilities), but has been given its own record to better document it. Apple Mac OS X is the operating system used by Apple family computers, and Font Book is a font management tool included in Mac OS X. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2176-1 security@debian.org http://www.debian.org/security/ Moritz Muehlenhoff March 02, 2011 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : cups Vulnerability : several Problem type : remote Debian-specific: no CVE ID : CVE-2008-5183 CVE-2009-3553 CVE-2010-0540 CVE-2010-0542 CVE-2010-1748 CVE-2010-2431 CVE-2010-2432 CVE-2010-2941 Several vulnerabilities have been discovered in the Common UNIX Printing System: CVE-2008-5183 A null pointer dereference in RSS job completion notifications could lead to denial of service. CVE-2009-3553 It was discovered that incorrect file descriptor handling could lead to denial of service. CVE-2010-0540 A cross-site request forgery vulnerability was discovered in the web interface. CVE-2010-0542 Incorrect memory management in the filter subsystem could lead to denial of service. CVE-2010-2431 Emmanuel Bouillon discovered a symlink vulnerability in handling of cache files. CVE-2010-2432 Denial of service in the authentication code. CVE-2010-2941 Incorrect memory management in the IPP code could lead to denial of service or the execution of arbitrary code. For the oldstable distribution (lenny), this problem has been fixed in version 1.3.8-1+lenny9. The stable distribution (squeeze) and the unstable distribution (sid) had already been fixed prior to the initial Squeeze release. We recommend that you upgrade your cups packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAk1tgPIACgkQXm3vHE4uyloDXQCgxy/m5yHvjnIopjEdPcmdzIW5 HaAAn1r6v/N27Y5g5O4vudCQgLt7uBPx =j7wC -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0540 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0542 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1748 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2431 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2941 _______________________________________________________________________ Updated Packages: Mandriva Linux 2009.0: f659df34ee2b206427a38cefbca99cc2 2009.0/i586/cups-1.3.10-0.4mdv2009.0.i586.rpm 1b92d2762a23b983f0da6ed527c9cee8 2009.0/i586/cups-common-1.3.10-0.4mdv2009.0.i586.rpm a0719dfedbcce4ca02b8f1d69250c67b 2009.0/i586/cups-serial-1.3.10-0.4mdv2009.0.i586.rpm 130c8d5b44e513e52d6d40fc22974139 2009.0/i586/libcups2-1.3.10-0.4mdv2009.0.i586.rpm 06d0f7f3754246e67ff100ee3e15a6c2 2009.0/i586/libcups2-devel-1.3.10-0.4mdv2009.0.i586.rpm 7179976e3a7490deced5374723453065 2009.0/i586/php-cups-1.3.10-0.4mdv2009.0.i586.rpm d457f260b56c65d119f3f4577a7dc90f 2009.0/SRPMS/cups-1.3.10-0.4mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 109c1f41b21fbb8e2c97aaeafae1340a 2009.0/x86_64/cups-1.3.10-0.4mdv2009.0.x86_64.rpm d0fca9c94c5269fec27a31086c399145 2009.0/x86_64/cups-common-1.3.10-0.4mdv2009.0.x86_64.rpm 4ff96778ae90f228ef99d94487d87f77 2009.0/x86_64/cups-serial-1.3.10-0.4mdv2009.0.x86_64.rpm 3f0127d51b2cdc9bf661e9de91b52f39 2009.0/x86_64/lib64cups2-1.3.10-0.4mdv2009.0.x86_64.rpm 473bdbea1f1379fc46f0523ab5a91e92 2009.0/x86_64/lib64cups2-devel-1.3.10-0.4mdv2009.0.x86_64.rpm 6d720a64deac48ca276266bb6895f72d 2009.0/x86_64/php-cups-1.3.10-0.4mdv2009.0.x86_64.rpm d457f260b56c65d119f3f4577a7dc90f 2009.0/SRPMS/cups-1.3.10-0.4mdv2009.0.src.rpm Mandriva Linux 2010.0: b896bb55528f9b3f7329bdefbd06e907 2010.0/i586/cups-1.4.1-12.2mdv2010.0.i586.rpm 9915c592984b953fc97caeaff6adfd51 2010.0/i586/cups-common-1.4.1-12.2mdv2010.0.i586.rpm 9301ef3c2f510317064d543603ce2093 2010.0/i586/cups-serial-1.4.1-12.2mdv2010.0.i586.rpm 30b760a74bfe1338139c810e727321c0 2010.0/i586/libcups2-1.4.1-12.2mdv2010.0.i586.rpm d6bb4b1902321d01065f5523fe8b8bd1 2010.0/i586/libcups2-devel-1.4.1-12.2mdv2010.0.i586.rpm 1e9b384c4ca7bfdd0a5294662e167cbb 2010.0/i586/php-cups-1.4.1-12.2mdv2010.0.i586.rpm a3ade5cdca9098f024c821f02e2497d1 2010.0/SRPMS/cups-1.4.1-12.2mdv2010.0.src.rpm Mandriva Linux 2010.0/X86_64: b85a2eb58e0321e8bbe9f0db0b67b270 2010.0/x86_64/cups-1.4.1-12.2mdv2010.0.x86_64.rpm c3e5f2aaab48b3569af9adc0fe066e36 2010.0/x86_64/cups-common-1.4.1-12.2mdv2010.0.x86_64.rpm 8cae31ce49c4d45093a09aab4317c452 2010.0/x86_64/cups-serial-1.4.1-12.2mdv2010.0.x86_64.rpm 330e6c0d2fb1c00c63ac3750b0e3044a 2010.0/x86_64/lib64cups2-1.4.1-12.2mdv2010.0.x86_64.rpm bc7348bba4476c16c35e651b9826431c 2010.0/x86_64/lib64cups2-devel-1.4.1-12.2mdv2010.0.x86_64.rpm cc0081d5748a4e538b1154e110eb74ea 2010.0/x86_64/php-cups-1.4.1-12.2mdv2010.0.x86_64.rpm a3ade5cdca9098f024c821f02e2497d1 2010.0/SRPMS/cups-1.4.1-12.2mdv2010.0.src.rpm Mandriva Enterprise Server 5: 27242832f57d843a6e96f7be948060f7 mes5/i586/cups-1.3.10-0.4mdvmes5.1.i586.rpm c68061ebd7157579308ba9e3c0a0e988 mes5/i586/cups-common-1.3.10-0.4mdvmes5.1.i586.rpm 2a06820729e49c98883494971dbd839e mes5/i586/cups-serial-1.3.10-0.4mdvmes5.1.i586.rpm f959dac3e1ce73a9c228a56956f50277 mes5/i586/libcups2-1.3.10-0.4mdvmes5.1.i586.rpm eb7ab898a4c42c095cdd82a12527ce78 mes5/i586/libcups2-devel-1.3.10-0.4mdvmes5.1.i586.rpm 64c94ac46b571cafb1610c49a6134031 mes5/i586/php-cups-1.3.10-0.4mdvmes5.1.i586.rpm e2adcd8eec6039164aa45738cec40586 mes5/SRPMS/cups-1.3.10-0.4mdvmes5.1.src.rpm Mandriva Enterprise Server 5/X86_64: 992e12cd8507d0d58fb6e72ca402429f mes5/x86_64/cups-1.3.10-0.4mdvmes5.1.x86_64.rpm 4528d0e4dccbc15507e8575c98255711 mes5/x86_64/cups-common-1.3.10-0.4mdvmes5.1.x86_64.rpm 3e840cbe6f1883706c14cbafc838478c mes5/x86_64/cups-serial-1.3.10-0.4mdvmes5.1.x86_64.rpm a8cfe7e9c3e82ae1c61b7da0ba7daf26 mes5/x86_64/lib64cups2-1.3.10-0.4mdvmes5.1.x86_64.rpm b377f64dff30db3b76cd7b651f796783 mes5/x86_64/lib64cups2-devel-1.3.10-0.4mdvmes5.1.x86_64.rpm d2b4d6a768bd6083c970d53744e4aeb1 mes5/x86_64/php-cups-1.3.10-0.4mdvmes5.1.x86_64.rpm e2adcd8eec6039164aa45738cec40586 mes5/SRPMS/cups-1.3.10-0.4mdvmes5.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Apple Mac OS X Security Update Fixes Multiple Vulnerabilities SECUNIA ADVISORY ID: SA40220 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40220/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40220 RELEASE DATE: 2010-06-24 DISCUSS ADVISORY: http://secunia.com/advisories/40220/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40220/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40220 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities. 1) The CUPS web interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to change CUPS settings if a logged-in administrative user visits a malicious web site. 2) A use-after-free error in CUPS when processing "get-printer-jobs" requests can be exploited to crash "cupsd". NOTE: "cupsd" is automatically restarted after the crash occurs. 3) An uninitialised memory access error in the CUPS web interface when handling form variables can be exploited to disclose potentially sensitive "cupsd" memory. 4) The "Finder" implementation leaves the ownership of selected files unchanged when "Apply to enclosed items..." is selected in the "Get Info" window, resulting in unexpected permissions. 5) An error in Adobe Flash Player can be exploited to bypass domain sandbox limitations and perform unauthorized cross-domain requests. For more information: SA38547 6) An error in "Folder Manager" when unmounting disk images containing a malicious "Cleanup At Startup" directory can be exploited to delete arbitrary directories via symlink attacks. 7) An input sanitation error exists in "Help Viewer" when handling "help:" URLs. This can be exploited to execute arbitrary JavaScript code in the context of the local domain and disclose sensitive information or potentially execute arbitrary code. 8) An error in iChat when handling inline image transfers can be exploited to upload files to arbitrary locations on an AIM user's system via directory traversal attacks. 9) Multiple integer overflow errors in LibTIFF can be exploited to cause heap-based buffer overflows and potentially execute arbitrary code. For more information: SA40181 10) An unspecified error in ImageIO when processing MPEG2 movie files can be exploited to corrupt memory and potentially execute arbitrary code. 11) Multiple integer underflow errors in Kerberos can be exploited to corrupt heap memory and potentially execute arbitrary code. For more information: SA38080 12) An error in Kerberos can be exploited by malicious users to trigger a double-free and potentially execute arbitrary code. For more information: SA39420 13) An error in Kerberos when handling authorization data can be exploited to terminate an affected server. 14) An error in libcurl when handling compressed web content can potentially be exploited to cause a buffer overflow and execute arbitrary code. 16) A format string error when handling "afp:", "cifs:", and "smb:" URLs can be exploited to potentially execute arbitrary code. 17) Open Directory establishes plain text connections when binding to network account servers without SSL support. This can be exploited to potentially execute arbitrary code via Man-in-the-Middle (MitM) attacks. 18) An error when handling local network printers having a Unicode character in the service name can be exploited to trigger a printing failure in certain applications. 19) An integer overflow error in the CUPS "cgtexttops" filter can be exploited to corrupt memory and potentially execute arbitrary code. 20) An error in the Ruby WEBrick HTTP server can be exploited to generate error pages interpreted as having an UTF-7 character set. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 21) An error in the configuration of the included Samba distribution can be exploited to gain access to arbitrary files via symlink attacks. This may be related to: SA38454 22) Multiple errors in SquirrelMail can be exploited to conduct cross-site scripting, cross-site request forgery, session fixation, and phishing attacks. For more information: SA34627 SA35073 23) Wiki Server does not specify a character set when serving HTML documents. This can be exploited to execute arbitrary HTML and script code in a user's browser session by making a specially crafted post or comment. SOLUTION: Apply Security Update 2010-004 or update to version 10.6.4. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 1) Adrian 'pagvac' Pastor of Gnucitizen 6, 8, 10, 15, 20) Reported by the vendor. The vendor also credits: 1) Tim Starling 2) Tim Waugh 3) Luca Carettoni 4) Michi Ruepp of pianobakery.com 7) Clint Ruoho of Laconic Security 9) Kevin Finisterre of digitalmunition.com 16) Ilja van Sprundel of IOActive, and Chris Ries of Carnegie Mellon University Computing Services 18) Filipp Lepalaan of mcare Oy 19) regenrecht working with iDefense ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT4188 Gnucitizen: http://www.gnucitizen.org/blog/apple-further-locks-down-cups-cve-2010-0540/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201207-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: CUPS: Multiple vulnerabilities Date: July 09, 2012 Bugs: #295256, #308045, #325551, #380771 ID: 201207-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in CUPS, some of which may allow execution of arbitrary code or local privilege escalation. Background ========== CUPS, the Common Unix Printing System, is a full-featured print server. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-print/cups < 1.4.8-r1 >= 1.4.8-r1 Description =========== Multiple vulnerabilities have been discovered in CUPS. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker may be able to execute arbitrary code using specially crafted streams, IPP requests or files, or cause a Denial of Service (daemon crash or hang). A local attacker may be able to gain escalated privileges or overwrite arbitrary files. Furthermore, a remote attacker may be able to obtain sensitive information from the CUPS process or hijack a CUPS administrator authentication request. Workaround ========== There is no known workaround at this time. Resolution ========== All CUPS users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-print/cups-1.4.8-r1" NOTE: This is a legacy GLSA. Updates for all affected architectures are available since September 03, 2011. It is likely that your system is already no longer affected by this issue. References ========== [ 1 ] CVE-2009-3553 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3553 [ 2 ] CVE-2010-0302 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0302 [ 3 ] CVE-2010-0393 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0393 [ 4 ] CVE-2010-0540 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0540 [ 5 ] CVE-2010-0542 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0542 [ 6 ] CVE-2010-1748 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1748 [ 7 ] CVE-2010-2431 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2431 [ 8 ] CVE-2010-2432 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2432 [ 9 ] CVE-2010-2941 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2941 [ 10 ] CVE-2011-3170 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3170 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201207-10.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . =========================================================== Ubuntu Security Notice USN-952-1 June 21, 2010 cups, cupsys vulnerabilities CVE-2010-0540, CVE-2010-0542, CVE-2010-1748 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 9.04 Ubuntu 9.10 Ubuntu 10.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: cupsys 1.2.2-0ubuntu0.6.06.19 Ubuntu 8.04 LTS: cupsys 1.3.7-1ubuntu3.11 Ubuntu 9.04: cups 1.3.9-17ubuntu3.9 Ubuntu 9.10: cups 1.4.1-5ubuntu2.6 Ubuntu 10.04 LTS: cups 1.4.3-1ubuntu1.2 In general, a standard system update will make all the necessary changes. (CVE-2010-0540) It was discovered that CUPS did not properly handle memory allocations in the texttops filter. (CVE-2010-1748) Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.19.diff.gz Size/MD5: 115313 005b2e259ee2bc9aeb334d3b2ca51faa http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.19.dsc Size/MD5: 1061 177a2f8e4a29a35ea13fd51256f1380f http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2.orig.tar.gz Size/MD5: 4070384 2c99b8aa4c8dc25c8a84f9c06aa52e3e Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-gnutls10_1.2.2-0ubuntu0.6.06.19_all.deb Size/MD5: 998 35bdefd4098d83e84274364d62ee78ae amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.19_amd64.deb Size/MD5: 36246 f780e86740e595dc53b1ed5c75b55c13 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.19_amd64.deb Size/MD5: 81834 4085edf21acd7cc603465d9cab24197f http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.19_amd64.deb Size/MD5: 2297664 891a2b5476e05e98e0b821fad88d0daf http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.19_amd64.deb Size/MD5: 6096 7f361fac37f34a2560226286e3f59cb4 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.19_amd64.deb Size/MD5: 78160 7a84d018f2ca5b447dc647034759b0e1 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.19_amd64.deb Size/MD5: 25738 dad628ebfbdc12b32325657781edd0e4 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.19_amd64.deb Size/MD5: 131420 8cf624425e00972351b02f37d150916e i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.19_i386.deb Size/MD5: 34766 84d90801efca2b0330fccea613ce63de http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.19_i386.deb Size/MD5: 77896 158339fe207b732d69201e75cb0f3381 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.19_i386.deb Size/MD5: 2263760 2eca2208b83d962a5c3c5e1fe6d4275f http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.19_i386.deb Size/MD5: 6094 36b6a321662416156d7260007a6ca31a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.19_i386.deb Size/MD5: 77288 ad80ca6edfc486db896d9eb779e0f650 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.19_i386.deb Size/MD5: 25744 1d533c0ab57482330ae306a7891ec6ff http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.19_i386.deb Size/MD5: 123508 83db482d3738e3ffcc3bfbee0cc33721 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.19_powerpc.deb Size/MD5: 40476 37b383d15aacfd39dae5300cf032bbd1 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.19_powerpc.deb Size/MD5: 89508 0f77ab8e581be995daab715e3dd7abc3 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.19_powerpc.deb Size/MD5: 2310060 47807a4cd2146d7a209a2a189c2b8cb3 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.19_powerpc.deb Size/MD5: 6100 ea6cc5c9d5f9bed2541300fe56597e78 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.19_powerpc.deb Size/MD5: 79802 b1a45ff6919450143c754a1ff36e9060 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.19_powerpc.deb Size/MD5: 25742 1f563fdffe4e8bd058bedf9460e88e4c http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.19_powerpc.deb Size/MD5: 129252 330ddedb5d53bae2ba5c7752e18fcfa6 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.19_sparc.deb Size/MD5: 35384 8ed75eb174931274c38d13af2fb7c112 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.19_sparc.deb Size/MD5: 78676 ddd3a0a2cb9352db14eb335413b08f46 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.19_sparc.deb Size/MD5: 2298378 da734c1436bd698bec5f919f75d28ed5 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.19_sparc.deb Size/MD5: 6096 e1848071c118342cd2c4bb2cb3ca2ce9 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.19_sparc.deb Size/MD5: 77080 aacd50b0ac685df76f63d312727604d9 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.19_sparc.deb Size/MD5: 25752 05b0ee318bdfa19b7de919ed6754b410 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.19_sparc.deb Size/MD5: 124994 c16e6c9aaca61f227d1c3940d93002da Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.11.diff.gz Size/MD5: 152646 c20cc845d61bec4c777a623bdd3a6043 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.11.dsc Size/MD5: 1444 f04fc7976a0a92b58e57ff27631efab0 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7.orig.tar.gz Size/MD5: 4700333 383e556d9841475847da6076c88da467 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-common_1.3.7-1ubuntu3.11_all.deb Size/MD5: 1144560 7b4f2abb608fa6c442994caa8c47e110 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.11_amd64.deb Size/MD5: 37526 a9d6ecea3143d1335dc31815cf75dbd5 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.11_amd64.deb Size/MD5: 90076 042ae92e8d94ae9d2482952b2e99df5a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.11_amd64.deb Size/MD5: 1890142 14da569119511e5f51b320cfc79506d1 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.11_amd64.deb Size/MD5: 60796 60488f0471f8c9bc173c03320bb789b2 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.11_amd64.deb Size/MD5: 50214 47f4d3a00e8f761452a020a09a7384b4 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.11_amd64.deb Size/MD5: 345354 e963afb3e1275ddf97b68284e40372ea http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.11_amd64.deb Size/MD5: 179228 f33a66c1ac3967328f17297b1749b53b i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.11_i386.deb Size/MD5: 36950 df31639f3490ff68d09f8029cec8924f http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.11_i386.deb Size/MD5: 88546 b9ea8e8c14ed2d0f8ecfe137fdf6454a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.11_i386.deb Size/MD5: 1872422 9b0e8cce7f3ac6f029d1d9722e98a213 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.11_i386.deb Size/MD5: 60092 9e5eb97dd1cebd0229863029e4ca8f78 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.11_i386.deb Size/MD5: 49858 34a9fac10b0722657d2ca8ef56848f8d http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.11_i386.deb Size/MD5: 339688 c898e4f9f0dca3101a03dd02111a10f4 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.11_i386.deb Size/MD5: 176154 6a9ab1e5e19cadb5c7252502fc027de7 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.11_lpia.deb Size/MD5: 36672 f41063e4a148dc8899ebef34e6cbfb3c http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.11_lpia.deb Size/MD5: 88846 4b68211c70b5bb7e656254da22bbd318 http://ports.ubuntu.com/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.11_lpia.deb Size/MD5: 1874024 d6476f29b2979d242c8ff37d2241a61b http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.11_lpia.deb Size/MD5: 60494 320b2a5fdfebf2c40a0710adff97036d http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.11_lpia.deb Size/MD5: 50816 3c56d3f411c40dedf3b6436b30b54b9a http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.11_lpia.deb Size/MD5: 337320 79b5fb2771ca47c968f5abf93b91202c http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.11_lpia.deb Size/MD5: 174996 0bcdda8df4f857444adca2943fd3c170 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.11_powerpc.deb Size/MD5: 46938 ad94ebf4867859a982bb89477eab7ea4 http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.11_powerpc.deb Size/MD5: 110644 a281f4e5aa21d689540f919d5ee3fa5d http://ports.ubuntu.com/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.11_powerpc.deb Size/MD5: 1958650 0e52cf6cd29c14ff0f2cc3212c552b99 http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.11_powerpc.deb Size/MD5: 59936 4091d328dee9d0deba5661fc5e762f1c http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.11_powerpc.deb Size/MD5: 54924 4fcf6eb1050a0eeee9854126fee0a79e http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.11_powerpc.deb Size/MD5: 342064 8d4b8d42acc54c66da52949ea44fd553 http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.11_powerpc.deb Size/MD5: 184954 42c1c793307f1cc4d18d522ae80f0270 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.11_sparc.deb Size/MD5: 38036 e62ae6e8d6d291f9ed605c555d158718 http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.11_sparc.deb Size/MD5: 91032 0eeec008bd95aebc2cf01b29dc21c908 http://ports.ubuntu.com/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.11_sparc.deb Size/MD5: 1907984 55de2e9030db5aa551bce341684870dc http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.11_sparc.deb Size/MD5: 57832 b053dd502dd903723e8d6a77ce0b1c2b http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.11_sparc.deb Size/MD5: 48216 1def563a1d36813e430550ff75cf8d5e http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.11_sparc.deb Size/MD5: 341820 abc71448985875caa6210132ecf46b93 http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.11_sparc.deb Size/MD5: 174938 f91384db37267deab1639718fe3b8c34 Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9-17ubuntu3.9.diff.gz Size/MD5: 347764 2955695161c0ce780898d42714dba9c8 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9-17ubuntu3.9.dsc Size/MD5: 1995 00cc768af9e65ccaaed74d7c4352e86d http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9.orig.tar.gz Size/MD5: 4809771 e6f2d90491ed050e5ff2104b617b88ea Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-common_1.3.9-17ubuntu3.9_all.deb Size/MD5: 1165952 144fdfb5ea034f6f0efa02c8d36f5667 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cupsys-dbg_1.3.9-17ubuntu3.9_all.deb Size/MD5: 61232 dfdb0322c17e7e1b747ba8f9db12a498 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsys2-dev_1.3.9-17ubuntu3.9_all.deb Size/MD5: 61240 06126e6e2f7caf9e7fd2f124daf3396c http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys-bsd_1.3.9-17ubuntu3.9_all.deb Size/MD5: 61226 808e56e373bc060585483194bcfac4a7 http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys-client_1.3.9-17ubuntu3.9_all.deb Size/MD5: 61230 17df573a12aca59fb662736b11cb5a89 http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys-common_1.3.9-17ubuntu3.9_all.deb Size/MD5: 4518 b33fc896433f2122e19187140ff848bf http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys_1.3.9-17ubuntu3.9_all.deb Size/MD5: 61218 521cc3faadf974588bd059da948ffd46 http://security.ubuntu.com/ubuntu/pool/universe/c/cups/libcupsys2_1.3.9-17ubuntu3.9_all.deb Size/MD5: 61230 5d435cb91fe17f9603d67ac58cf00ebd amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-bsd_1.3.9-17ubuntu3.9_amd64.deb Size/MD5: 37304 456a29fc3e6e4a6a12afb28cf070d153 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-client_1.3.9-17ubuntu3.9_amd64.deb Size/MD5: 119754 3a3546041387ada93c1f834570d0b7db http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-dbg_1.3.9-17ubuntu3.9_amd64.deb Size/MD5: 1675558 fd25a667614137c16bfa36e8c4bcf772 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9-17ubuntu3.9_amd64.deb Size/MD5: 2178564 f1799dbcec836870692ecaa40b254f8b http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2-dev_1.3.9-17ubuntu3.9_amd64.deb Size/MD5: 352570 5ac8c911b9b70ba35f4054ae5fff6857 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2_1.3.9-17ubuntu3.9_amd64.deb Size/MD5: 178584 8f72778104c3015920601f7d39ec58ca http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2-dev_1.3.9-17ubuntu3.9_amd64.deb Size/MD5: 61264 cc1633d90a82496ea55beb87d9e4282a http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2_1.3.9-17ubuntu3.9_amd64.deb Size/MD5: 52218 ef2c76e51468c29f16868f9b65a1d986 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-bsd_1.3.9-17ubuntu3.9_i386.deb Size/MD5: 36230 3469935b69c38df8cc889905082f6170 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-client_1.3.9-17ubuntu3.9_i386.deb Size/MD5: 115268 2c97947d64499af1488d7147aabd1272 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-dbg_1.3.9-17ubuntu3.9_i386.deb Size/MD5: 1533088 e0c1e8945bcf28c325313ecc8675819b http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9-17ubuntu3.9_i386.deb Size/MD5: 2144702 03fd75f8698031522c9483663deaddf4 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2-dev_1.3.9-17ubuntu3.9_i386.deb Size/MD5: 346396 a89110547944785464731b47fadf5ef9 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2_1.3.9-17ubuntu3.9_i386.deb Size/MD5: 175170 470d2d69e5df366ca7d359b86c4693b3 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2-dev_1.3.9-17ubuntu3.9_i386.deb Size/MD5: 60498 7a2cb2739132e79a1fa70c0983d6bda0 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2_1.3.9-17ubuntu3.9_i386.deb Size/MD5: 51542 60e03d1de616cc7d9fd5deccfba7e73f lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.3.9-17ubuntu3.9_lpia.deb Size/MD5: 36028 95dd554290394bba340e1b9ed0eeca22 http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.3.9-17ubuntu3.9_lpia.deb Size/MD5: 114518 7cdf8bfff996881b0ff38122507d24f8 http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.3.9-17ubuntu3.9_lpia.deb Size/MD5: 1562414 99f96dacc52fb8ab31879dc8d917eed3 http://ports.ubuntu.com/pool/main/c/cups/cups_1.3.9-17ubuntu3.9_lpia.deb Size/MD5: 2141504 666f44d2a5057b47b0926b8fbc0ff9ce http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.3.9-17ubuntu3.9_lpia.deb Size/MD5: 343356 43f548744343771bfccc97e0965767e5 http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.3.9-17ubuntu3.9_lpia.deb Size/MD5: 173468 495c1181694e597d3e2ee9b7879f63b4 http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.3.9-17ubuntu3.9_lpia.deb Size/MD5: 60670 59cb79251da624cf56788a6ebbdd1854 http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.3.9-17ubuntu3.9_lpia.deb Size/MD5: 52342 8b1039fde9779991586c0861bde5d692 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.3.9-17ubuntu3.9_powerpc.deb Size/MD5: 43570 1bfc6992664c3dcf9ac9853ab5b6f62f http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.3.9-17ubuntu3.9_powerpc.deb Size/MD5: 138118 56c93d7803d01c16a39e9fbe917e3a98 http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.3.9-17ubuntu3.9_powerpc.deb Size/MD5: 1649586 223b30bbc9f4d0e25c327eb10bf364ec http://ports.ubuntu.com/pool/main/c/cups/cups_1.3.9-17ubuntu3.9_powerpc.deb Size/MD5: 2266484 6abc3509cdcf34e481d74adb7b939ec2 http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.3.9-17ubuntu3.9_powerpc.deb Size/MD5: 348324 d36b5c40f196d505735fe367a7a2380a http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.3.9-17ubuntu3.9_powerpc.deb Size/MD5: 183986 555915a89c0a514dcb6e77486a9112ed http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.3.9-17ubuntu3.9_powerpc.deb Size/MD5: 61310 1c61fe881255b71f6264119f319f24b3 http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.3.9-17ubuntu3.9_powerpc.deb Size/MD5: 57406 ab4fb5ea4040929b5ec38abad5f38cfb sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.3.9-17ubuntu3.9_sparc.deb Size/MD5: 37208 6046757ca4fe9b690247c34fe009b8ea http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.3.9-17ubuntu3.9_sparc.deb Size/MD5: 117494 0a21aaee253debec63b21c20dfda20bd http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.3.9-17ubuntu3.9_sparc.deb Size/MD5: 1477080 6d03ce62f445559aeac03429e66cf9bb http://ports.ubuntu.com/pool/main/c/cups/cups_1.3.9-17ubuntu3.9_sparc.deb Size/MD5: 2211336 6ea40676d2b68ab7e75e4e81d79493c5 http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.3.9-17ubuntu3.9_sparc.deb Size/MD5: 345154 da2107d40cbf1f8575995dddb031ac25 http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.3.9-17ubuntu3.9_sparc.deb Size/MD5: 170956 d17a5b8ce2609a9a73b8b49af592d31d http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.3.9-17ubuntu3.9_sparc.deb Size/MD5: 57854 9978193eaa21591bcbda0103bd2d7420 http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.3.9-17ubuntu3.9_sparc.deb Size/MD5: 49696 e9933a11538063753748ab7a29ddf48b Updated packages for Ubuntu 9.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.4.1-5ubuntu2.6.diff.gz Size/MD5: 430803 9896ab093cf6c3ef71a80e0c37e4b7aa http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.4.1-5ubuntu2.6.dsc Size/MD5: 2273 893689e77881954b258ddb7107aa699e http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.4.1.orig.tar.gz Size/MD5: 5287327 4dc8f431ef50752dfd61d9d4959abd06 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-common_1.4.1-5ubuntu2.6_all.deb Size/MD5: 1420352 27ce929720fc629fed288754a91ce13b http://security.ubuntu.com/ubuntu/pool/main/c/cups/cupsys-dbg_1.4.1-5ubuntu2.6_all.deb Size/MD5: 69858 388fcac30796d5907253d647b12d7969 http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsddk_1.4.1-5ubuntu2.6_all.deb Size/MD5: 69822 3cf78e179ad70f3273abfc1263664266 http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys-bsd_1.4.1-5ubuntu2.6_all.deb Size/MD5: 69854 97bd4ac6413bb46ab53861a581113f0a http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys-client_1.4.1-5ubuntu2.6_all.deb Size/MD5: 69854 b391fa9c83fbf3009e56df2746ab94d2 http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys-common_1.4.1-5ubuntu2.6_all.deb Size/MD5: 4544 57b5675c9659d18d88a113f55a2176f9 http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys_1.4.1-5ubuntu2.6_all.deb Size/MD5: 69842 7aff9ca2dc796cb3604221265e9b2747 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-bsd_1.4.1-5ubuntu2.6_amd64.deb Size/MD5: 36714 b7a8d6d23214b4d0cbc888888a48e335 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-client_1.4.1-5ubuntu2.6_amd64.deb Size/MD5: 120262 8dfd957d0cc33ffaaf32072079907ee1 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-dbg_1.4.1-5ubuntu2.6_amd64.deb Size/MD5: 90150 3233d3c9c94c0f262f00f4b71d7a81d5 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.4.1-5ubuntu2.6_amd64.deb Size/MD5: 1909664 73ed914b62e3c9e04dcaec55b543407d http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2-dev_1.4.1-5ubuntu2.6_amd64.deb Size/MD5: 210802 f23c0fdafcfd0fad270f8afa3a937c31 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2_1.4.1-5ubuntu2.6_amd64.deb Size/MD5: 219530 3c472155e2f3471ddb68a50b6661aa42 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupscgi1-dev_1.4.1-5ubuntu2.6_amd64.deb Size/MD5: 103906 a77f22491afdfd65c60fe01ba8660673 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupscgi1_1.4.1-5ubuntu2.6_amd64.deb Size/MD5: 33134 5d3ba0a39217678739e2c7812512d28c http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsdriver1-dev_1.4.1-5ubuntu2.6_amd64.deb Size/MD5: 90504 fe988efeb10d537670c25ad298c58eb7 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsdriver1_1.4.1-5ubuntu2.6_amd64.deb Size/MD5: 22188 6316c51f52a01de4b3011411db62a5b7 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2-dev_1.4.1-5ubuntu2.6_amd64.deb Size/MD5: 61528 5b4718cdfd4387c0d7114f2580c8254b http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2_1.4.1-5ubuntu2.6_amd64.deb Size/MD5: 53152 4013a5f53425a382b45889fe73f6f3a9 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsmime1-dev_1.4.1-5ubuntu2.6_amd64.deb Size/MD5: 81518 f81f9bcdd2faf8a7f9ba6fefe4f8cdc2 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsmime1_1.4.1-5ubuntu2.6_amd64.deb Size/MD5: 15490 e4228a982cf71ae48ee2af86325b45ac http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsppdc1-dev_1.4.1-5ubuntu2.6_amd64.deb Size/MD5: 143326 b8a0420a543914c8299e340a5723ba1d http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsppdc1_1.4.1-5ubuntu2.6_amd64.deb Size/MD5: 60108 fa27048727ffbbb4e58ba9ee6ccaadeb http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cups-ppdc_1.4.1-5ubuntu2.6_amd64.deb Size/MD5: 34522 851e93d20f1315beb56cf357956c5f2a i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-bsd_1.4.1-5ubuntu2.6_i386.deb Size/MD5: 35484 3a0b604fdbf0106ca6886eee07968dff http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-client_1.4.1-5ubuntu2.6_i386.deb Size/MD5: 115306 688d22b75b84a4b0ef3ed89306f653bf http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-dbg_1.4.1-5ubuntu2.6_i386.deb Size/MD5: 89220 4b4a76a3551a6c934975aa040289a3d4 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.4.1-5ubuntu2.6_i386.deb Size/MD5: 1867674 564568d5ec8164e9ee916dc41951d660 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2-dev_1.4.1-5ubuntu2.6_i386.deb Size/MD5: 199732 6617d9b279c98755836e6ce614978924 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2_1.4.1-5ubuntu2.6_i386.deb Size/MD5: 213492 2c15204d6c3c638327b812a76259c33a http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupscgi1-dev_1.4.1-5ubuntu2.6_i386.deb Size/MD5: 102998 80bcbfadf15cb8f0b578362352fc461f http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupscgi1_1.4.1-5ubuntu2.6_i386.deb Size/MD5: 32872 2cb6e24ce760d286b1e4ce2e7dc9275c http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsdriver1-dev_1.4.1-5ubuntu2.6_i386.deb Size/MD5: 90720 5c967305feec17ac2c2715ca3a553263 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsdriver1_1.4.1-5ubuntu2.6_i386.deb Size/MD5: 22070 d77fc0c0f4db9f7e907f658be56f9c42 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2-dev_1.4.1-5ubuntu2.6_i386.deb Size/MD5: 60316 88f1d9c994bfc4ac28381aa8ca28585e http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2_1.4.1-5ubuntu2.6_i386.deb Size/MD5: 52414 b8598a149d3a8f8b3d0cb79f12633dea http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsmime1-dev_1.4.1-5ubuntu2.6_i386.deb Size/MD5: 81432 e2eba2bb5cd587421404445bf4cb3c36 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsmime1_1.4.1-5ubuntu2.6_i386.deb Size/MD5: 15202 531427f9f7e56220142b4e51233daf01 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsppdc1-dev_1.4.1-5ubuntu2.6_i386.deb Size/MD5: 141908 70047df2efe6271a7f0fe81be26e898b http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsppdc1_1.4.1-5ubuntu2.6_i386.deb Size/MD5: 61440 287af16b51cbf417374964ce1faaa9a0 http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cups-ppdc_1.4.1-5ubuntu2.6_i386.deb Size/MD5: 32818 67c42e8a46deb780a4ea43679a8f7b1b lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.4.1-5ubuntu2.6_lpia.deb Size/MD5: 35444 43e9a036f2cb42db2e2894edfef0afda http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.4.1-5ubuntu2.6_lpia.deb Size/MD5: 115172 a7a25b4d3d2c988a06dee38802fd2e0b http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.4.1-5ubuntu2.6_lpia.deb Size/MD5: 89146 d45d7185a76bd44f3e11a2f52b87f1fd http://ports.ubuntu.com/pool/main/c/cups/cups_1.4.1-5ubuntu2.6_lpia.deb Size/MD5: 1865278 622d02b7fdcfd8ad0c7ab5e4758dc29c http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.4.1-5ubuntu2.6_lpia.deb Size/MD5: 197074 b109e960fb1cfd95ecc65cdcb106bc97 http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.4.1-5ubuntu2.6_lpia.deb Size/MD5: 212098 185440c848f158c3f1ea8a00096454e6 http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1-dev_1.4.1-5ubuntu2.6_lpia.deb Size/MD5: 102282 ff45f4229a289f1d3a5eadf0dfa1f6d7 http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1_1.4.1-5ubuntu2.6_lpia.deb Size/MD5: 32662 51fff11adcbf03ff5c6c4344231f40f4 http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1-dev_1.4.1-5ubuntu2.6_lpia.deb Size/MD5: 90140 2025394e060c7ac4135fb3197c82e2aa http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1_1.4.1-5ubuntu2.6_lpia.deb Size/MD5: 21772 94c88b2f892a3ca17071da2e1d3f57de http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.4.1-5ubuntu2.6_lpia.deb Size/MD5: 59952 b6e1c63ff6dcf6fae5ddf41e83bf2b39 http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.4.1-5ubuntu2.6_lpia.deb Size/MD5: 52580 2733ad91569bb1b7018966ac2316d6b3 http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1-dev_1.4.1-5ubuntu2.6_lpia.deb Size/MD5: 81372 71e31f4d06b1de5ede2c8186e60292fb http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1_1.4.1-5ubuntu2.6_lpia.deb Size/MD5: 15308 f81a0425d623423089f99b429a15e916 http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1-dev_1.4.1-5ubuntu2.6_lpia.deb Size/MD5: 142212 ec10060804a0e9747a65322cdb456ea0 http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1_1.4.1-5ubuntu2.6_lpia.deb Size/MD5: 62670 e9f0de51cdf2665eaeb9699f4440d4b3 http://ports.ubuntu.com/pool/universe/c/cups/cups-ppdc_1.4.1-5ubuntu2.6_lpia.deb Size/MD5: 33272 5cb032354f73c1f3b549b9bf4ba034b3 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.4.1-5ubuntu2.6_powerpc.deb Size/MD5: 37002 98296fbdb2c48a660ec17b0c4a4f3c90 http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.4.1-5ubuntu2.6_powerpc.deb Size/MD5: 121666 bba9834fa00e775df09cf0f0488f7f9a http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.4.1-5ubuntu2.6_powerpc.deb Size/MD5: 89800 d19794e77bb85ad268c3d2bc2bfa1f31 http://ports.ubuntu.com/pool/main/c/cups/cups_1.4.1-5ubuntu2.6_powerpc.deb Size/MD5: 1931086 acb1d07a0d0a2dc17fba7683ec52e16b http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.4.1-5ubuntu2.6_powerpc.deb Size/MD5: 203926 83542c3ef9602299bfb8302ed77290e7 http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.4.1-5ubuntu2.6_powerpc.deb Size/MD5: 224070 6ed170661f54e7fa50f61a69a904ec21 http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1-dev_1.4.1-5ubuntu2.6_powerpc.deb Size/MD5: 103042 8966b98ea957fbb8b92a4678317fddae http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1_1.4.1-5ubuntu2.6_powerpc.deb Size/MD5: 35072 b1aa40b4d141f00000864f0a87a795f3 http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1-dev_1.4.1-5ubuntu2.6_powerpc.deb Size/MD5: 89920 f1f371d9914166ec1af92bf5706253f0 http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1_1.4.1-5ubuntu2.6_powerpc.deb Size/MD5: 22332 87366d86919da7b07046b73a1b276471 http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.4.1-5ubuntu2.6_powerpc.deb Size/MD5: 60622 d5dfb6d846e1b6f3935071d78da667ba http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.4.1-5ubuntu2.6_powerpc.deb Size/MD5: 55370 b598355d538a5202a38c1286b8cf9cb8 http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1-dev_1.4.1-5ubuntu2.6_powerpc.deb Size/MD5: 81882 96dca3856de634bbd9596a6fc7afa9c6 http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1_1.4.1-5ubuntu2.6_powerpc.deb Size/MD5: 15792 ada89970388879b889ce3ce23f0786e9 http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1-dev_1.4.1-5ubuntu2.6_powerpc.deb Size/MD5: 141460 54b03efb38851fc77a7c32217d89a838 http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1_1.4.1-5ubuntu2.6_powerpc.deb Size/MD5: 64954 75bb84b2f2aed56705323657a98c94c6 http://ports.ubuntu.com/pool/universe/c/cups/cups-ppdc_1.4.1-5ubuntu2.6_powerpc.deb Size/MD5: 34788 3b21946edb4a3f5b5a53941a97c7902b sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.4.1-5ubuntu2.6_sparc.deb Size/MD5: 36050 40e9f13fcb68ae0f7b780ddffa930569 http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.4.1-5ubuntu2.6_sparc.deb Size/MD5: 117802 69758c023939b53c735884c8bb3da729 http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.4.1-5ubuntu2.6_sparc.deb Size/MD5: 89654 d38e699a47d22475311fbc9f72835462 http://ports.ubuntu.com/pool/main/c/cups/cups_1.4.1-5ubuntu2.6_sparc.deb Size/MD5: 1954398 385300918a21dc44de8f253ee2f28eaf http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.4.1-5ubuntu2.6_sparc.deb Size/MD5: 201862 dcf93f4fd26767ca13dd8562244fcf1b http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.4.1-5ubuntu2.6_sparc.deb Size/MD5: 211164 700260b08f51811acc2a051b24378125 http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1-dev_1.4.1-5ubuntu2.6_sparc.deb Size/MD5: 104686 dea3e49233b35c05ceb73d2c6cb377c2 http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1_1.4.1-5ubuntu2.6_sparc.deb Size/MD5: 32990 05ea0b382be4213b3a5a56cea510f2ef http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1-dev_1.4.1-5ubuntu2.6_sparc.deb Size/MD5: 90114 8e30914034d660780c8023500e6ffc3f http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1_1.4.1-5ubuntu2.6_sparc.deb Size/MD5: 21388 3924468f70aa5cd4ba7000414fdf0688 http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.4.1-5ubuntu2.6_sparc.deb Size/MD5: 58154 093eb825804bc6d172335e1a73f9afb6 http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.4.1-5ubuntu2.6_sparc.deb Size/MD5: 50288 47b1de9dede6755e934512df997031d9 http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1-dev_1.4.1-5ubuntu2.6_sparc.deb Size/MD5: 80642 f0c36f2b152a9c5834f871a9e3ba534a http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1_1.4.1-5ubuntu2.6_sparc.deb Size/MD5: 14382 74976d5c3d9d2e5f84c63b3d95df8dad http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1-dev_1.4.1-5ubuntu2.6_sparc.deb Size/MD5: 144596 8c8e872d9a7fc3461cd3295c47c46da4 http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1_1.4.1-5ubuntu2.6_sparc.deb Size/MD5: 61448 f654d799a55faf5c5bbbc6d111d17e0e http://ports.ubuntu.com/pool/universe/c/cups/cups-ppdc_1.4.1-5ubuntu2.6_sparc.deb Size/MD5: 33862 426ade2e9fa86473091f0722f60b2e3a Updated packages for Ubuntu 10.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.4.3-1ubuntu1.2.diff.gz Size/MD5: 496671 585b5a839d9ec546a9534330a76c0964 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.4.3-1ubuntu1.2.dsc Size/MD5: 2273 167a7ea0e055786fe2e5f74c03b92294 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.4.3.orig.tar.gz Size/MD5: 5367387 947aefd4849d0da93b5a8a99673f62b2 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-common_1.4.3-1ubuntu1.2_all.deb Size/MD5: 1463434 ab433df67ddd32bf49adbe3e16ba82c4 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cupsys-dbg_1.4.3-1ubuntu1.2_all.deb Size/MD5: 73442 8dad2edf6d46f76dcb52db201016947d http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsddk_1.4.3-1ubuntu1.2_all.deb Size/MD5: 73402 db5a399abfcb69136bdd86554d1ab636 http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys-bsd_1.4.3-1ubuntu1.2_all.deb Size/MD5: 73432 9fb3a058c65da62706a80d9484010eef http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys-client_1.4.3-1ubuntu1.2_all.deb Size/MD5: 73438 dab3b5e2ff47294536789a858bb9a3b3 http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys-common_1.4.3-1ubuntu1.2_all.deb Size/MD5: 4552 e0c4a0047f7ec0268315afaa85caf9b0 http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys_1.4.3-1ubuntu1.2_all.deb Size/MD5: 73424 ced4b61fab69b55277de4b5a29b7017d amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-bsd_1.4.3-1ubuntu1.2_amd64.deb Size/MD5: 44774 d9e37725367f31858091bdf5b168d881 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-client_1.4.3-1ubuntu1.2_amd64.deb Size/MD5: 140618 94b07ecdeac71ffd4ccd6417ba744a98 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-dbg_1.4.3-1ubuntu1.2_amd64.deb Size/MD5: 93886 7a2163f56c74b490b1c1a3a6c10d0cf4 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.4.3-1ubuntu1.2_amd64.deb Size/MD5: 1973830 125e1409b54622ebcd8c0557efc004ab http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2-dev_1.4.3-1ubuntu1.2_amd64.deb Size/MD5: 212968 d6ab1b998818ba99f18b1e633666c13f http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2_1.4.3-1ubuntu1.2_amd64.deb Size/MD5: 223550 2c887f725f30a5e1d9aa2c20d6268337 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupscgi1-dev_1.4.3-1ubuntu1.2_amd64.deb Size/MD5: 107780 ec510ebb54127d6567d5b585321733d4 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupscgi1_1.4.3-1ubuntu1.2_amd64.deb Size/MD5: 33114 5ccf1df923f97a7ab3f0dcb56f9c7294 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsdriver1-dev_1.4.3-1ubuntu1.2_amd64.deb Size/MD5: 94168 f3fb3af8004fcb81ef04220e6a66d7f2 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsdriver1_1.4.3-1ubuntu1.2_amd64.deb Size/MD5: 22086 cf810510c3b376d69b13f37398aacc1a http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2-dev_1.4.3-1ubuntu1.2_amd64.deb Size/MD5: 61438 882621ff9d056e9ac830ea5627bc0c93 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2_1.4.3-1ubuntu1.2_amd64.deb Size/MD5: 53094 09ed3cb267e2e3b8bcbe208ea7a0ad02 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsmime1-dev_1.4.3-1ubuntu1.2_amd64.deb Size/MD5: 85296 3557d7e7ba9cdc196a6040eea6cd7272 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsmime1_1.4.3-1ubuntu1.2_amd64.deb Size/MD5: 15444 ea9e1ce52141169dd6c64f2633c195a4 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsppdc1-dev_1.4.3-1ubuntu1.2_amd64.deb Size/MD5: 147096 e85555341ed2031d26c921dc77ed7503 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsppdc1_1.4.3-1ubuntu1.2_amd64.deb Size/MD5: 59990 9ba72110aead42b48c679562e4b55af0 http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cups-ppdc_1.4.3-1ubuntu1.2_amd64.deb Size/MD5: 34596 3d41e6ee5ab5bc0abd355c5625c36091 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-bsd_1.4.3-1ubuntu1.2_i386.deb Size/MD5: 43346 6de1a8c71528e1ec1014a5331309e8bd http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-client_1.4.3-1ubuntu1.2_i386.deb Size/MD5: 135836 9bee4520bf4ca64466a08a51b426088a http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-dbg_1.4.3-1ubuntu1.2_i386.deb Size/MD5: 92978 9397ab013a3ee9f18378b30b40d924ce http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.4.3-1ubuntu1.2_i386.deb Size/MD5: 1928108 558ae105b117bd0ba98580b0db10de45 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2-dev_1.4.3-1ubuntu1.2_i386.deb Size/MD5: 202544 8bcf1d8fcafe878a6c3728ea448966e5 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2_1.4.3-1ubuntu1.2_i386.deb Size/MD5: 217726 7d8eddc54dc065a4a7d277c908e83f3e http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupscgi1-dev_1.4.3-1ubuntu1.2_i386.deb Size/MD5: 106934 441cd88aabbaa2a57adb57daebfd13c1 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupscgi1_1.4.3-1ubuntu1.2_i386.deb Size/MD5: 32950 fe896ca272249efb52cc3325c959b956 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsdriver1-dev_1.4.3-1ubuntu1.2_i386.deb Size/MD5: 94304 20dd13df8749e1e3b17053288b768146 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsdriver1_1.4.3-1ubuntu1.2_i386.deb Size/MD5: 21780 8c493eed360e1c996dacf20a993a4457 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2-dev_1.4.3-1ubuntu1.2_i386.deb Size/MD5: 60196 8937ce7e76d479a3be672ed8287a7675 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2_1.4.3-1ubuntu1.2_i386.deb Size/MD5: 52268 ca080db4912f21a37e496999506a4e12 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsmime1-dev_1.4.3-1ubuntu1.2_i386.deb Size/MD5: 85238 d9ded4b415c370cff8cf2c1a9c6b403a http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsmime1_1.4.3-1ubuntu1.2_i386.deb Size/MD5: 15138 c18676b7afb412704b384d02a9f764a0 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsppdc1-dev_1.4.3-1ubuntu1.2_i386.deb Size/MD5: 145604 c3f0c1d386de11db2c83b29ce61d747e http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsppdc1_1.4.3-1ubuntu1.2_i386.deb Size/MD5: 61266 9350be23632e0bb41bacdf493916f1e5 http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cups-ppdc_1.4.3-1ubuntu1.2_i386.deb Size/MD5: 32894 588a8edd7a8cef5ad2312c6b2a466d41 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.4.3-1ubuntu1.2_powerpc.deb Size/MD5: 44800 b5b282e36f232b95a4221a19c58e4d80 http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.4.3-1ubuntu1.2_powerpc.deb Size/MD5: 142152 c7959ec969f56a4c8061a9115e3fb9d0 http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.4.3-1ubuntu1.2_powerpc.deb Size/MD5: 93536 31ab6658804a9d5b8e165f7182522792 http://ports.ubuntu.com/pool/main/c/cups/cups_1.4.3-1ubuntu1.2_powerpc.deb Size/MD5: 1992826 720559a8b6b13a49cb8de64599dc0d0c http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.4.3-1ubuntu1.2_powerpc.deb Size/MD5: 206536 c0792eccffa336a078847fc1570f1847 http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.4.3-1ubuntu1.2_powerpc.deb Size/MD5: 228182 7336ad247af6f88cf383738429859a03 http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1-dev_1.4.3-1ubuntu1.2_powerpc.deb Size/MD5: 107032 aa51ce9c4d8b97a4be4c4604c1ece7dd http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1_1.4.3-1ubuntu1.2_powerpc.deb Size/MD5: 35034 5ad9a33558ab86fe168d1778367f5614 http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1-dev_1.4.3-1ubuntu1.2_powerpc.deb Size/MD5: 93706 46fab84fdbe699e3bf89ac4d7a7a5f21 http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1_1.4.3-1ubuntu1.2_powerpc.deb Size/MD5: 22244 4427366e73d2ed6b756290bbbe89f33e http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.4.3-1ubuntu1.2_powerpc.deb Size/MD5: 60546 b5561e25ff9d7a625079a4a92b97eeeb http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.4.3-1ubuntu1.2_powerpc.deb Size/MD5: 55298 7564d5317f23a06dd984e7a011f7d4a3 http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1-dev_1.4.3-1ubuntu1.2_powerpc.deb Size/MD5: 85702 e50cfac0de465610de321b6a247294ad http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1_1.4.3-1ubuntu1.2_powerpc.deb Size/MD5: 15702 b530dc6e40497cdd17cb2eef7fc86f35 http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1-dev_1.4.3-1ubuntu1.2_powerpc.deb Size/MD5: 145258 3e1d1f46e3a3a978073cb7134660dca8 http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1_1.4.3-1ubuntu1.2_powerpc.deb Size/MD5: 64908 91d9e1374bca739f621f52ff824cb967 http://ports.ubuntu.com/pool/universe/c/cups/cups-ppdc_1.4.3-1ubuntu1.2_powerpc.deb Size/MD5: 34770 300740d181959eaa050dd38e8d7f5b95 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.4.3-1ubuntu1.2_sparc.deb Size/MD5: 44076 8e8b983418cfe367c386a581948e62d1 http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.4.3-1ubuntu1.2_sparc.deb Size/MD5: 140914 b937ab49f26f53b13dbacfa1b1755b5e http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.4.3-1ubuntu1.2_sparc.deb Size/MD5: 93224 9b81849a723629db064aada33a669605 http://ports.ubuntu.com/pool/main/c/cups/cups_1.4.3-1ubuntu1.2_sparc.deb Size/MD5: 2042588 76638c4d1cc937a4d3038d6ca56c017c http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.4.3-1ubuntu1.2_sparc.deb Size/MD5: 210178 e1f8624cc98825259447a8f3cfccab43 http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.4.3-1ubuntu1.2_sparc.deb Size/MD5: 220154 d2692b4767b48e7960007762babdfd4d http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1-dev_1.4.3-1ubuntu1.2_sparc.deb Size/MD5: 109484 ee657ed269651dad0e97742db63b3fa6 http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1_1.4.3-1ubuntu1.2_sparc.deb Size/MD5: 33836 49d880a15f6c4c92dc37ef7c9a3e94ed http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1-dev_1.4.3-1ubuntu1.2_sparc.deb Size/MD5: 94740 807e344de7057bf78fdbe6d16c8160fe http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1_1.4.3-1ubuntu1.2_sparc.deb Size/MD5: 22060 285f1d26a014fcaba9c52a8a204f4a8e http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.4.3-1ubuntu1.2_sparc.deb Size/MD5: 59236 f2769fd0e05f40416fafb3b8b4e71fd3 http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.4.3-1ubuntu1.2_sparc.deb Size/MD5: 51354 0dacc2034f6a772bf1a35c4390bd707b http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1-dev_1.4.3-1ubuntu1.2_sparc.deb Size/MD5: 84742 42f204443d66552e20b05f431a37c9b6 http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1_1.4.3-1ubuntu1.2_sparc.deb Size/MD5: 14596 7bc50be13da6d36c7a8b1ef77ea2c64c http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1-dev_1.4.3-1ubuntu1.2_sparc.deb Size/MD5: 150882 f51782127f098c8431b4c08ad9084a08 http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1_1.4.3-1ubuntu1.2_sparc.deb Size/MD5: 62864 470e0fe33fae056cb349cba8f291552a http://ports.ubuntu.com/pool/universe/c/cups/cups-ppdc_1.4.3-1ubuntu1.2_sparc.deb Size/MD5: 34536 d7f328a90189cac65cda36e18bac2391
var-201908-0421 Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. A resource management error vulnerability exists in HTTP/2. ========================================================================== Ubuntu Security Notice USN-6754-1 April 25, 2024 nghttp2 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 23.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS (Available with Ubuntu Pro) - Ubuntu 16.04 LTS (Available with Ubuntu Pro) Summary: Several security issues were fixed in nghttp2. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-9511, CVE-2019-9513) It was discovered that nghttp2 incorrectly handled request cancellation. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2023-44487) It was discovered that nghttp2 could be made to process an unlimited number of HTTP/2 CONTINUATION frames. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. (CVE-2024-28182) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 23.10: libnghttp2-14 1.55.1-1ubuntu0.2 nghttp2 1.55.1-1ubuntu0.2 nghttp2-client 1.55.1-1ubuntu0.2 nghttp2-proxy 1.55.1-1ubuntu0.2 nghttp2-server 1.55.1-1ubuntu0.2 Ubuntu 22.04 LTS: libnghttp2-14 1.43.0-1ubuntu0.2 nghttp2 1.43.0-1ubuntu0.2 nghttp2-client 1.43.0-1ubuntu0.2 nghttp2-proxy 1.43.0-1ubuntu0.2 nghttp2-server 1.43.0-1ubuntu0.2 Ubuntu 20.04 LTS: libnghttp2-14 1.40.0-1ubuntu0.3 nghttp2 1.40.0-1ubuntu0.3 nghttp2-client 1.40.0-1ubuntu0.3 nghttp2-proxy 1.40.0-1ubuntu0.3 nghttp2-server 1.40.0-1ubuntu0.3 Ubuntu 18.04 LTS (Available with Ubuntu Pro): libnghttp2-14 1.30.0-1ubuntu1+esm2 nghttp2 1.30.0-1ubuntu1+esm2 nghttp2-client 1.30.0-1ubuntu1+esm2 nghttp2-proxy 1.30.0-1ubuntu1+esm2 nghttp2-server 1.30.0-1ubuntu1+esm2 Ubuntu 16.04 LTS (Available with Ubuntu Pro): libnghttp2-14 1.7.1-1ubuntu0.1~esm2 nghttp2 1.7.1-1ubuntu0.1~esm2 nghttp2-client 1.7.1-1ubuntu0.1~esm2 nghttp2-proxy 1.7.1-1ubuntu0.1~esm2 nghttp2-server 1.7.1-1ubuntu0.1~esm2 In general, a standard system update will make all the necessary changes. The following advisory data is extracted from: https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5856.json Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment. Description: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. 7) - noarch, x86_64 3. Description: Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: rh-nodejs8-nodejs (8.16.1). Bug Fix(es): * Fixed repository mirror credentials properly escaped to allow special characters * Fixed repository mirror UI cancel button enabled * Fixed repository mirror UI change next sync date 3. Solution: Please download the release images via: quay.io/redhat/quay:v3.1.1 quay.io/redhat/clair-jwt:v3.1.1 quay.io/redhat/quay-builder:v3.1.1 4. Description: This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. After installing the updated packages, the httpd daemon will be restarted automatically. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: rh-nginx112-nginx security update Advisory ID: RHSA-2019:2746-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2019:2746 Issue date: 2019-09-12 CVE Names: CVE-2019-9511 CVE-2019-9513 CVE-2019-9516 ==================================================================== 1. Summary: An update for rh-nginx112-nginx is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fix(es): * HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511) * HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513) * HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The rh-nginx112-nginx service must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption 1741860 - CVE-2019-9511 HTTP/2: large amount of data request leads to denial of service 1741864 - CVE-2019-9516 HTTP/2: 0-length headers leads to denial of service 6. Package List: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: rh-nginx112-nginx-1.12.1-3.el7.1.src.rpm aarch64: rh-nginx112-nginx-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.aarch64.rpm ppc64le: rh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm s390x: rh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: rh-nginx112-nginx-1.12.1-3.el7.1.src.rpm aarch64: rh-nginx112-nginx-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.aarch64.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.aarch64.rpm ppc64le: rh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm s390x: rh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm x86_64: rh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4): Source: rh-nginx112-nginx-1.12.1-3.el7.1.src.rpm ppc64le: rh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm s390x: rh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm x86_64: rh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5): Source: rh-nginx112-nginx-1.12.1-3.el7.1.src.rpm ppc64le: rh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm s390x: rh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm x86_64: rh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6): Source: rh-nginx112-nginx-1.12.1-3.el7.1.src.rpm ppc64le: rh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm s390x: rh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm x86_64: rh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7): Source: rh-nginx112-nginx-1.12.1-3.el7.1.src.rpm ppc64le: rh-nginx112-nginx-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.ppc64le.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.ppc64le.rpm s390x: rh-nginx112-nginx-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.s390x.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.s390x.rpm x86_64: rh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7): Source: rh-nginx112-nginx-1.12.1-3.el7.1.src.rpm x86_64: rh-nginx112-nginx-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-debuginfo-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-image-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-perl-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-http-xslt-filter-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-mail-1.12.1-3.el7.1.x86_64.rpm rh-nginx112-nginx-mod-stream-1.12.1-3.el7.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-9511 https://access.redhat.com/security/cve/CVE-2019-9513 https://access.redhat.com/security/cve/CVE-2019-9516 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXXo0dNzjgjWX9erEAQhefQ//dizpNyk55ohd3bzckhrY1IwL4dPGUqa9 PPhd+kqZlhQYr8VqABpda7hXEg65TUrrz8eM8BESmoNc/4vdUjzbO0KI5ByM2zgS ieDmP/4dcZtKlYH6TmSaRMZ5+D1jdgcoP6nkwuC/4a+b0HyB+9P6z/Prn94RLM5d kbhKEU1nLqNW7KjxSYtHU8Nc0n34WeXKiNaLHviV7dFbC0Pxhlt0W/2CpNDsgvco rGHbK6pWsajWGdYZ78zSrnmAIGn6R84LEK8kRcCzzm0c7ehewC4vkSghdCqfqLC2 PO2koEfNNYRPSA8WgEZYBjVAIkGJz7mhDBN99kOQjf3VDpgPmOa+NJ0pDel6F7Nv oEx8ruGYQzLt0z2aCaY7lavHJ4isCJOHE7hvyqgumDmpkC14bxNrhjy+65o6fQVS 7RrzBtPtRTR2UAH0NhkKTXDjVS7NK+OIEcb1mj19DUvMUXDHLaZfYos0erqqf9j/ issNZShxG2rbCBlDZRC875AAeby/0k0ETYg8VeqazhtSaNF2wx0ZnanoOQ+skFaO 7QmNe8O4vrk5A0yFhSjVrYNj2A51XplqXdrdmaN6FEKGm0WEd3BkLEX352bo5NHt fXpdT29tQwd5IHBsx5Ti3ik2lzxIRzRChed8Hnu4xHs/j++rJMNkQ39ku8kmqXVL pTuQ2UprbLU=PAtT -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
var-202112-0562 It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default. Apache Log4j allows insecure JNDI lookups that could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the vulnerable Java application using Log4j.CVE-2021-4104 Affected CVE-2021-44228 Affected CVE-2021-45046 AffectedCVE-2021-4104 Affected CVE-2021-44228 Affected CVE-2021-45046 Affected. Apache Log4j is a Java-based open source logging tool of the Apache Foundation. Apache log4j2 has a denial of service vulnerability. When improperly configured, an attacker can exploit this vulnerability to cause a denial of service attack. For the oldstable distribution (buster), this problem has been fixed in version 2.16.0-1~deb10u1. For the stable distribution (bullseye), this problem has been fixed in version 2.16.0-1~deb11u1. We recommend that you upgrade your apache-log4j2 packages. For the detailed security status of apache-log4j2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/apache-log4j2 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmG7FI5fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeSqOg//XOye7T/8PKOrrUtHFhH+w2dOC0GujwcIS2mhofVuZQTPYvM5uTZxDTuz rQN+T505t9QaP3sF05gXK6VI675HhgmF3d+vDEnhp8QpZX5HeJrmmX44FewZQAqP yMysAuwG1RJ0Qgs7NmppU/XJBnmhJLsqsW99kcDnNXS67D23e1nUqAEDME5baSoF VPc50Up/yh4DE28Jcs8Mh2cM8UqmeLEQJ8XC3IojQLhmOF1UBJuL4K0sEUqWtJeN TytHya2XdfIIZcRolHe6AUeiLP5JpitbqkVP+hEeruAvk8nTGsLi0HMbWxA9LLcB bB9KKJjf6xndRa/t/IXGMzwr883t5/YLdxbCFcGj9M4Bfj7SAhGdgnJHZaRt1quX Vcqnu1pDHpdFuRX4t6oqF9R0uiBGeupZmGdb1y7os+FU2EbTRYU0rlnhfOsou0ex Vh5sFKFDhgWUQoyuVUMh6eOZ7p92GTzbw5kPkvboa7Xdrs02m7ChLlh8f5ajRFrK WbAcwsBj6RK4dmtdvfO2sVEuRTpFQ3qtecwZUR0pqUIjJ+rfurSGmpPr3iOrBu2s ROol/vLfW5uZd6RxSNbt3twPcwBaZagFQCcDY27Yz0sH6DlQUmWed1KJjbRaZ7fn cqjFisSZxu8d5VoAtjMSP8l95FoAm53r9Q1HCZvXqRhBjFNoYqE= =TNnt -----END PGP SIGNATURE----- . Solution: For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html 4. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Installation instructions are available from the Fuse product documentation pages: Fuse 7.8: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/installing_on_apache_karaf/apply-hotfix-patch https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/deploying_into_spring_boot/patch-red-hat-fuse-applications Fuse 7.9: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/html/installing_on_apache_karaf/apply-hotfix-patch https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/html/deploying_into_spring_boot/patch-red-hat-fuse-applications Fuse 7.10: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/html/installing_on_apache_karaf/apply-hotfix-patch https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/html/deploying_into_spring_boot/patch-red-hat-fuse-applications 4. The References section of this erratum contains a download link for the update. You must be logged in to download the update. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat Data Grid 8.2.3 security update Advisory ID: RHSA-2022:0205-01 Product: Red Hat JBoss Data Grid Advisory URL: https://access.redhat.com/errata/RHSA-2022:0205 Issue date: 2022-01-20 CVE Names: CVE-2021-44832 CVE-2021-45046 CVE-2021-45105 ===================================================================== 1. Summary: An update for Red Hat Data Grid is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale. Data Grid 8.2.3 replaces Data Grid 8.2.2 and includes bug fixes and enhancements. Find out more about Data Grid 8.2.3 in the Release Notes [3]. 3. Solution: To install this update, do the following: 1. Download the Data Grid 8.2.3 server patch from the customer portal[²]. 2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on. 3. Install the Data Grid 8.2.3 server patch. Refer to the 8.2.3 Release Notes[³] for patching instructions. 4. Restart Data Grid to ensure the changes take effect. 4. References: https://access.redhat.com/security/cve/CVE-2021-44832 https://access.redhat.com/security/cve/CVE-2021-45046 https://access.redhat.com/security/cve/CVE-2021-45105 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=data.grid&version=8.2 https://access.redhat.com/documentation/en-us/red_hat_data_grid/8.2/html-single/red_hat_data_grid_8.2_release_notes/index 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYemZbtzjgjWX9erEAQgkThAAhlH9r6fZ08ZbIvy7t5FNceA93qd12PsL bJEZ9axgCc1hrxm5hK2W6x55a2tKQ0ieoFlkF87qZ5FSsEmOWfvCa5Jsr04bGkhI QBiyZvX+de8ZAUcbiXwgsb3LwfY5DAOoLZVZj7tWsxXcl9CG/MGqI452b5jB4oWa 5TXa8YHSz9/vQHtJGmjyuZYJGfH63XvLUu6qHEgCHKhXEQg5p9YrfjbdZWk77mSk N+dqHpXJFo2G+UURxBy615ebIgxA1dUR6pdbCfm/fbUAxnxWPubjNLLGShCUNBP9 /WgSMiv5GT48yhpK0IdTpPmQUAQW3fkgEd58vytgDuQf/7NhsbNFlsj3hugnAmY9 B/Jtwri/dCaOy0EDlDTc22OX7uDXaoSd9t5kjFAiZMOhxRE0hXawGfCxdGq/rgV6 EblcKQ3zW/3lsTj5KdI+0M0kNA6y1i0KP+Iujs12WLzWDANcpyvpuNu5qIMoM16Y iy4QLJkWFcH99toKO6/bEFgINq3C84sDEQNUpgwga+ct5mxsZycn3vSl9QcuoWQD FX9lwXBaxGuvBb/K3pwXfJuRQOFn2tDpwqN0PnyG/4+QLHunSPuQ8vcVx+oG9a2K LpiYxMQawsJiOjEyNUdRt7DDBpU/mVO+pf7lCY/4F5S+xOJ6E6LkJ213aSGaYPBd QiLGYFSmmLk= =y5SE -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 4
var-200102-0007 WatchGuard SOHO firewall allows remote attackers to cause a denial of service via a flood of fragmented IP packets, which causes the firewall to drop connections and stop forwarding packets. There is a buffer overflow in the IBM AIX setclock command that may allow local attackers to gain root privileges. Vulnerabilities exist in the WatchGuard SOHO firewall. Microsoft Internet Explorer DBCS Remote Memory Corruption Vulnerability By Sowhat of Nevis Labs Date: 2006.04.11 http://www.nevisnetworks.com http://secway.org/advisory/AD20060411.txt http://www.microsoft.com/technet/security/bulletin/MS06-013.mspx CVE: CVE-2006-1189 Vendor Microsoft Inc. Products affected: Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4 and Microsoft Windows XP Service Pack 1 Internet Explorer 6 for Microsoft Windows XP Service Pack 2 Internet Explorer 6 for Microsoft Windows Server 2003 Internet Explorer 6 Service Pack 1 on Microsoft Windows 98, Microsoft Windows 98 SE, and Microsoft Windows Millennium Edition This vulnerability affects systems that use Double-Byte Character Sets. Systems that are affected are Windows language versions that use a Double Byte Character Set language. Examples of languages that use DBCS are Chinese, Japanese, and Korean languages. Customers using other language versions of Windows might also be affected if "Language for non-Unicode programs" has been set to a Double Byte Character Set language. Overview: There exists a buffer overflow in Microsoft Internet Explorer in the parsing of DBCS URLS. This vulnerability could allow an attacker to execute arbitrary code on the victim's system when the victim visits a web page or views an HTML email message. This attack may be utilized wherever IE parses HTML, such as webpages, email, newsgroups, and within applications utilizing web-browsing functionality. Details: URLMON.DLL does not properly validate IDN containing double-byte character sets (DBCS), which may lead to remote code execution. Exploiting this vulnerability seems to need a lot of more work but we believe that exploitation is possible. POC: No PoC will be released for this. FIX: Microsoft has released an update for Internet Explorer which is set to address this issue. This can be downloaded from: http://www.microsoft.com/technet/security/bulletin/MS06-013.mspx Vendor Response: 2005.12.29 Vendor notified via secure@microsoft.com 2005.12.29 Vendor responded 2006.04.11 Vendor released MS06-0xx patch 2006.04.11 Advisory released Common Vulnerabilities and Exposures (CVE) Information: The Common Vulnerabilities and Exposures (CVE) project has assigned the following names to these issues. These are candidates for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems. CVE-2006-1189 Greetings to Lennart@MS, Chi, OYXin, Narasimha Datta, all Nevis Labs guys, all XFocus and 0x557 guys :) References: 1. http://www.microsoft.com/technet/security/bulletin/MS06-013.mspx 2. http://www.nsfocus.com/english/homepage/research/0008.htm 3. http://xforce.iss.net/xforce/xfdb/5729 4. http://www.securityfocus.com/bid/2100/discuss 5. http://www.inter-locale.com/whitepaper/IUC27-a303.html 6. http://blogs.msdn.com/michkap/archive/2005/10/28/486034.aspx 7. [Mozilla Firefox IDN "Host:" Buffer Overflow] http://www.security-protocols.com/advisory/sp-x17-advisory.txt 8. [Mozilla Firefox 1.5 Beta 1 IDN Buffer Overflow] http://www.security-protocols.com/advisory/sp-x18-advisory.txt 9. http://72.14.203.104/search?q=cache:Dxn-V4fil1IJ:developer.novell.com /research/devnotes/1995/may/02/05.htm -- Sowhat http://secway.org "Life is like a bug, Do you know how to exploit it ?"
var-201404-0374 Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security. Java SE (Java Platform Standard Edition) is used to develop and deploy Java applications on desktops, servers, and embedded devices and real-time environments; JRockit is a Java virtual machine built into Oracle Fusion Middleware; Java SE Embedded is a The Java platform for developing powerful, reliable, and portable applications for embedded systems. Affects the confidentiality and integrity of data. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.7.0-openjdk security update Advisory ID: RHSA-2014:0406-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0406.html Issue date: 2014-04-16 CVE Names: CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0454 CVE-2014-0455 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2402 CVE-2014-2403 CVE-2014-2412 CVE-2014-2413 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427 ===================================================================== 1. Summary: Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0455, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1060907 - CVE-2014-1876 OpenJDK: insecure temporary file use in unpack200 (Libraries, 8033618) 1086632 - CVE-2014-2398 OpenJDK: insufficient escaping of window title string (Javadoc, 8026736) 1086645 - CVE-2014-0453 OpenJDK: RSA unpadding timing issues (Security, 8027766) 1087409 - CVE-2014-0429 OpenJDK: Incorrect mlib/raster image validation (2D, 8027841) 1087411 - CVE-2014-0457 OpenJDK: ServiceLoader Exception handling security bypass (Libraries, 8031394) 1087413 - CVE-2014-0456 OpenJDK: System.arraycopy() element race condition (Hotspot, 8029858) 1087417 - CVE-2014-2421 OpenJDK: JPEG decoder input stream handling (2D, 8029854) 1087423 - CVE-2014-2397 OpenJDK: classfile parser invalid BootstrapMethods attribute length (Hotspot, 8034926) 1087424 - CVE-2014-0455 OpenJDK: MethodHandle variable argument lists handling (Libraries, 8029844) 1087426 - CVE-2014-0461 OpenJDK: Better ScriptEngineManager ScriptEngine management (Libraries, 8036794) 1087427 - CVE-2014-2412 OpenJDK: AWT thread context handling (AWT, 8025010) 1087428 - CVE-2014-0451 OpenJDK: AWT incorrect FlavorMap seperation (AWT, 8026797) 1087430 - CVE-2014-0458 OpenJDK: Activation framework default command map caching (JAX-WS, 8025152) 1087431 - CVE-2014-2414 OpenJDK: incorrect caching of data initialized via TCCL (JAXB, 8025030) 1087434 - CVE-2014-2423 OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026188) 1087436 - CVE-2014-0452 OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026801) 1087438 - CVE-2014-2402 OpenJDK: Incorrect NIO channel separation (Libraries, 8026716) 1087439 - CVE-2014-0446 OpenJDK: Protect logger handlers (Libraries, 8029740) 1087440 - CVE-2014-0454 OpenJDK: Prevent SIGNATURE_PRIMITIVE_SET from being modified (Security, 8029745) 1087441 - CVE-2014-2427 OpenJDK: remove insecure Java Sound provider caching (Sound, 8026163) 1087442 - CVE-2014-0460 OpenJDK: missing randomization of JNDI DNS client query IDs (JNDI, 8030731) 1087443 - CVE-2014-2403 OpenJDK: JAXP CharInfo file access restriction (JAXP, 8029282) 1087444 - CVE-2014-0459 lcms: insufficient ICC profile version validation (OpenJDK 2D, 8031335) 1087446 - CVE-2014-2413 OpenJDK: method handle call hierachy bypass (Libraries, 8032686) 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.55-2.4.7.1.el6_5.src.rpm i386: java-1.7.0-openjdk-1.7.0.55-2.4.7.1.el6_5.i686.rpm java-1.7.0-openjdk-debuginfo-1.7.0.55-2.4.7.1.el6_5.i686.rpm x86_64: java-1.7.0-openjdk-1.7.0.55-2.4.7.1.el6_5.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.55-2.4.7.1.el6_5.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.55-2.4.7.1.el6_5.src.rpm i386: java-1.7.0-openjdk-debuginfo-1.7.0.55-2.4.7.1.el6_5.i686.rpm java-1.7.0-openjdk-demo-1.7.0.55-2.4.7.1.el6_5.i686.rpm java-1.7.0-openjdk-devel-1.7.0.55-2.4.7.1.el6_5.i686.rpm java-1.7.0-openjdk-src-1.7.0.55-2.4.7.1.el6_5.i686.rpm noarch: java-1.7.0-openjdk-javadoc-1.7.0.55-2.4.7.1.el6_5.noarch.rpm x86_64: java-1.7.0-openjdk-debuginfo-1.7.0.55-2.4.7.1.el6_5.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.55-2.4.7.1.el6_5.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.55-2.4.7.1.el6_5.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.55-2.4.7.1.el6_5.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.55-2.4.7.1.el6_5.src.rpm x86_64: java-1.7.0-openjdk-1.7.0.55-2.4.7.1.el6_5.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.55-2.4.7.1.el6_5.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.55-2.4.7.1.el6_5.src.rpm noarch: java-1.7.0-openjdk-javadoc-1.7.0.55-2.4.7.1.el6_5.noarch.rpm x86_64: java-1.7.0-openjdk-debuginfo-1.7.0.55-2.4.7.1.el6_5.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.55-2.4.7.1.el6_5.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.55-2.4.7.1.el6_5.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.55-2.4.7.1.el6_5.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.55-2.4.7.1.el6_5.src.rpm i386: java-1.7.0-openjdk-1.7.0.55-2.4.7.1.el6_5.i686.rpm java-1.7.0-openjdk-debuginfo-1.7.0.55-2.4.7.1.el6_5.i686.rpm java-1.7.0-openjdk-devel-1.7.0.55-2.4.7.1.el6_5.i686.rpm noarch: java-1.7.0-openjdk-javadoc-1.7.0.55-2.4.7.1.el6_5.noarch.rpm x86_64: java-1.7.0-openjdk-1.7.0.55-2.4.7.1.el6_5.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.55-2.4.7.1.el6_5.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.55-2.4.7.1.el6_5.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.55-2.4.7.1.el6_5.src.rpm i386: java-1.7.0-openjdk-debuginfo-1.7.0.55-2.4.7.1.el6_5.i686.rpm java-1.7.0-openjdk-demo-1.7.0.55-2.4.7.1.el6_5.i686.rpm java-1.7.0-openjdk-src-1.7.0.55-2.4.7.1.el6_5.i686.rpm x86_64: java-1.7.0-openjdk-debuginfo-1.7.0.55-2.4.7.1.el6_5.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.55-2.4.7.1.el6_5.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.55-2.4.7.1.el6_5.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.55-2.4.7.1.el6_5.src.rpm i386: java-1.7.0-openjdk-1.7.0.55-2.4.7.1.el6_5.i686.rpm java-1.7.0-openjdk-debuginfo-1.7.0.55-2.4.7.1.el6_5.i686.rpm java-1.7.0-openjdk-devel-1.7.0.55-2.4.7.1.el6_5.i686.rpm noarch: java-1.7.0-openjdk-javadoc-1.7.0.55-2.4.7.1.el6_5.noarch.rpm x86_64: java-1.7.0-openjdk-1.7.0.55-2.4.7.1.el6_5.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.55-2.4.7.1.el6_5.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.55-2.4.7.1.el6_5.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.55-2.4.7.1.el6_5.src.rpm i386: java-1.7.0-openjdk-debuginfo-1.7.0.55-2.4.7.1.el6_5.i686.rpm java-1.7.0-openjdk-demo-1.7.0.55-2.4.7.1.el6_5.i686.rpm java-1.7.0-openjdk-src-1.7.0.55-2.4.7.1.el6_5.i686.rpm x86_64: java-1.7.0-openjdk-debuginfo-1.7.0.55-2.4.7.1.el6_5.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.55-2.4.7.1.el6_5.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.55-2.4.7.1.el6_5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2014-0429.html https://www.redhat.com/security/data/cve/CVE-2014-0446.html https://www.redhat.com/security/data/cve/CVE-2014-0451.html https://www.redhat.com/security/data/cve/CVE-2014-0452.html https://www.redhat.com/security/data/cve/CVE-2014-0453.html https://www.redhat.com/security/data/cve/CVE-2014-0454.html https://www.redhat.com/security/data/cve/CVE-2014-0455.html https://www.redhat.com/security/data/cve/CVE-2014-0456.html https://www.redhat.com/security/data/cve/CVE-2014-0457.html https://www.redhat.com/security/data/cve/CVE-2014-0458.html https://www.redhat.com/security/data/cve/CVE-2014-0459.html https://www.redhat.com/security/data/cve/CVE-2014-0460.html https://www.redhat.com/security/data/cve/CVE-2014-0461.html https://www.redhat.com/security/data/cve/CVE-2014-1876.html https://www.redhat.com/security/data/cve/CVE-2014-2397.html https://www.redhat.com/security/data/cve/CVE-2014-2398.html https://www.redhat.com/security/data/cve/CVE-2014-2402.html https://www.redhat.com/security/data/cve/CVE-2014-2403.html https://www.redhat.com/security/data/cve/CVE-2014-2412.html https://www.redhat.com/security/data/cve/CVE-2014-2413.html https://www.redhat.com/security/data/cve/CVE-2014-2414.html https://www.redhat.com/security/data/cve/CVE-2014-2421.html https://www.redhat.com/security/data/cve/CVE-2014-2423.html https://www.redhat.com/security/data/cve/CVE-2014-2427.html https://access.redhat.com/security/updates/classification/#critical 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFTTmzQXlSAg2UNWIIRAtKdAKCBGCXcmdsIke6rE6wALE8rmyh8PgCfVt/K i9yLmC1ovZP+Sr9z+PQskyk= =avQw -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201502-12 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Oracle JRE/JDK: Multiple vulnerabilities Date: February 15, 2015 Bugs: #507798, #508716, #517220, #525464 ID: 201502-12 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Oracle's Java SE Development Kit and Runtime Environment, the worst of which could lead to execution of arbitrary code. Please review the CVE identifiers referenced below for details. Impact ====== A context-dependent attacker may be able to execute arbitrary code, disclose, update, insert, or delete certain data. Workaround ========== There is no known workaround at this time. Resolution ========== All Oracle JRE 1.7 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=dev-java/oracle-jre-bin-1.7.0.71" All Oracle JDK 1.7 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=dev-java/oracle-jdk-bin-1.7.0.71" All users of the precompiled 32-bit Oracle JRE should upgrade to the latest version: # emerge --sync # emerge -a -1 -v ">=app-emulation/emul-linux-x86-java-1.7.0.71" References ========== [ 1 ] CVE-2014-0429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0429 [ 2 ] CVE-2014-0432 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0432 [ 3 ] CVE-2014-0446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0446 [ 4 ] CVE-2014-0448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0448 [ 5 ] CVE-2014-0449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0449 [ 6 ] CVE-2014-0451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0451 [ 7 ] CVE-2014-0452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0452 [ 8 ] CVE-2014-0453 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0453 [ 9 ] CVE-2014-0454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0454 [ 10 ] CVE-2014-0455 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0455 [ 11 ] CVE-2014-0456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0456 [ 12 ] CVE-2014-0457 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0457 [ 13 ] CVE-2014-0458 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0458 [ 14 ] CVE-2014-0459 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0459 [ 15 ] CVE-2014-0460 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0460 [ 16 ] CVE-2014-0461 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0461 [ 17 ] CVE-2014-0463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0463 [ 18 ] CVE-2014-0464 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0464 [ 19 ] CVE-2014-2397 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2397 [ 20 ] CVE-2014-2398 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2398 [ 21 ] CVE-2014-2401 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2401 [ 22 ] CVE-2014-2402 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2402 [ 23 ] CVE-2014-2403 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2403 [ 24 ] CVE-2014-2409 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2409 [ 25 ] CVE-2014-2410 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2410 [ 26 ] CVE-2014-2412 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2412 [ 27 ] CVE-2014-2413 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2413 [ 28 ] CVE-2014-2414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2414 [ 29 ] CVE-2014-2420 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2420 [ 30 ] CVE-2014-2421 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2421 [ 31 ] CVE-2014-2422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2422 [ 32 ] CVE-2014-2423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2423 [ 33 ] CVE-2014-2427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2427 [ 34 ] CVE-2014-2428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2428 [ 35 ] CVE-2014-2483 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2483 [ 36 ] CVE-2014-2490 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2490 [ 37 ] CVE-2014-4208 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4208 [ 38 ] CVE-2014-4209 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4209 [ 39 ] CVE-2014-4216 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4216 [ 40 ] CVE-2014-4218 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4218 [ 41 ] CVE-2014-4219 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4219 [ 42 ] CVE-2014-4220 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4220 [ 43 ] CVE-2014-4221 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4221 [ 44 ] CVE-2014-4223 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4223 [ 45 ] CVE-2014-4227 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4227 [ 46 ] CVE-2014-4244 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4244 [ 47 ] CVE-2014-4247 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4247 [ 48 ] CVE-2014-4252 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4252 [ 49 ] CVE-2014-4262 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4262 [ 50 ] CVE-2014-4263 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4263 [ 51 ] CVE-2014-4264 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4264 [ 52 ] CVE-2014-4265 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4265 [ 53 ] CVE-2014-4266 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4266 [ 54 ] CVE-2014-4268 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4268 [ 55 ] CVE-2014-4288 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4288 [ 56 ] CVE-2014-6456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6456 [ 57 ] CVE-2014-6457 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6457 [ 58 ] CVE-2014-6458 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6458 [ 59 ] CVE-2014-6466 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6466 [ 60 ] CVE-2014-6468 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6468 [ 61 ] CVE-2014-6476 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6476 [ 62 ] CVE-2014-6485 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6485 [ 63 ] CVE-2014-6492 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6492 [ 64 ] CVE-2014-6493 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6493 [ 65 ] CVE-2014-6502 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6502 [ 66 ] CVE-2014-6503 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6503 [ 67 ] CVE-2014-6504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6504 [ 68 ] CVE-2014-6506 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6506 [ 69 ] CVE-2014-6511 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6511 [ 70 ] CVE-2014-6512 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6512 [ 71 ] CVE-2014-6513 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6513 [ 72 ] CVE-2014-6515 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6515 [ 73 ] CVE-2014-6517 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6517 [ 74 ] CVE-2014-6519 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6519 [ 75 ] CVE-2014-6527 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6527 [ 76 ] CVE-2014-6531 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6531 [ 77 ] CVE-2014-6532 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6532 [ 78 ] CVE-2014-6558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6558 [ 79 ] CVE-2014-6562 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6562 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201502-12.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Bugs fixed (https://bugzilla.redhat.com/): 1031734 - CVE-2013-6629 libjpeg: information leak (read of uninitialized memory) 1045561 - CVE-2013-6954 libpng: unhandled zero-length PLTE chunk or NULL palette 1051519 - CVE-2014-0428 OpenJDK: insufficient security checks in IIOP streams (CORBA, 8025767) 1051528 - CVE-2014-0422 OpenJDK: insufficient package access checks in the Naming component (JNDI, 8025758) 1051699 - CVE-2014-0373 OpenJDK: SnmpStatusException handling issues (Serviceability, 7068126) 1051823 - CVE-2013-5878 OpenJDK: null xmlns handling issue (Security, 8025026) 1051911 - CVE-2013-5884 OpenJDK: insufficient security checks in CORBA stub factories (CORBA, 8026193) 1051912 - CVE-2014-0416 OpenJDK: insecure subject principals set handling (JAAS, 8024306) 1051923 - CVE-2014-0376 OpenJDK: document builder missing security checks (JAXP, 8027201, 8025018) 1052915 - CVE-2013-5907 ICU: Layout Engine LookupProcessor insufficient input checks (JDK 2D, 8025034) 1052919 - CVE-2014-0368 OpenJDK: insufficient Socket checkListen checks (Networking, 8011786) 1052942 - CVE-2013-5910 OpenJDK: XML canonicalizer mutable strings passed to untrusted code (Security, 8026417) 1053010 - CVE-2014-0411 OpenJDK: TLS/SSL handshake timing issues (JSSE, 8023069) 1053066 - CVE-2014-0423 OpenJDK: XXE issue in decoder (Beans, 8023245) 1053266 - CVE-2013-5896 OpenJDK: com.sun.corba.se. Release Date: 2014-08-19 Last Updated: 2014-08-19 Potential Security Impact: Remote unauthorized access, disclosure of information, and other vulnerabilities Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities. References: CVE-2013-6629 CVE-2013-6954 CVE-2014-0432 CVE-2014-0446 CVE-2014-0448 CVE-2014-0449 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0454 CVE-2014-0455 CVE-2014-0456 CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2401 CVE-2014-2402 CVE-2014-2403 CVE-2014-2409 CVE-2014-2412 CVE-2014-2413 CVE-2014-2414 CVE-2014-2420 CVE-2014-2421 CVE-2014-2422 CVE-2014-2423 CVE-2014-2427 CVE-2014-2428 CVE-2014-2483 CVE-2014-2490 CVE-2014-4208 CVE-2014-4209 CVE-2014-4216 CVE-2014-4218 CVE-2014-4220 CVE-2014-4221 CVE-2014-4223 CVE-2014-4244 CVE-2014-4252 CVE-2014-4262 CVE-2014-4263 CVE-2014-4264 CVE-2014-4265 CVE-2014-4266 CVE-2014-4268 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.23, and B.11.31 running HP JDK and JRE v7.0.09 and earlier. BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2013-6629 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2013-6954 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-0432 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2014-0446 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-0448 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2014-0449 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2014-0451 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-0452 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-0453 (AV:N/AC:H/Au:N/C:P/I:P/A:N) 4.0 CVE-2014-0454 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-0455 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2014-0456 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2014-0458 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-0459 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0460 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8 CVE-2014-0461 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2014-1876 (AV:L/AC:M/Au:N/C:P/I:P/A:P) 4.4 CVE-2014-2397 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2014-2398 (AV:N/AC:M/Au:S/C:N/I:P/A:N) 3.5 CVE-2014-2401 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-2402 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-2403 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2014-2409 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2014-2412 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-2413 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2014-2414 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-2420 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6 CVE-2014-2421 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2014-2422 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-2423 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-2427 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-2428 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2014-2483 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2014-2490 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2014-4208 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6 CVE-2014-4209 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2014-4216 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2014-4218 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-4220 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-4221 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-4223 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2014-4244 (AV:N/AC:H/Au:N/C:P/I:P/A:N) 4.0 CVE-2014-4252 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2014-4262 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2014-4263 (AV:N/AC:H/Au:N/C:P/I:P/A:N) 4.0 CVE-2014-4264 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-4265 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-4266 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-4268 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided the following Java version upgrade to resolve these vulnerabilities. The upgrade is available from the following location: http://www.hp.com/java OS Version Release Version Depot Name HP-UX B.11.23, B.11.31 JDK and JRE v7.0.10 or subsequent Itanium_JDK_JRE_7.0.10_Aug_2014_Java70_1.7.0.10.00_HP-UX_B.11.31_IA.depot MANUAL ACTIONS: Yes - Update For Java v7.0 update to Java v7.0.10 or subsequent PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS HP-UX B.11.23 HP-UX B.11.31 =========== Jdk70.JDK70-COM Jdk70.JDK70-DEMO Jdk70.JDK70-IPF32 Jdk70.JDK70-IPF64 Jre70.JRE70-COM Jre70.JRE70-IPF32 Jre70.JRE70-IPF32-HS Jre70.JRE70-IPF64 Jre70.JRE70-IPF64-HS action: install revision 1.7.0.10.00 or subsequent END AFFECTED VERSIONS HISTORY Version:1 (rev.1) - 19 August 2014 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. Note that the CVE-2014-0459 issue is in the lcms2 library, which has been patched to correct this flaw. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFTdfckmqjQ0CJFipgRArKEAKCIiAR2WkLo3Vb0gzzQ5RDz7hQZ3gCcDC6A 5xOtKkhOvonpLXoqBiAcXWQ= =qBk5 -----END PGP SIGNATURE----- . For the oldstable distribution (squeeze), these problems have been fixed in version 6b31-1.13.3-1~deb6u1. For the stable distribution (wheezy), these problems have been fixed in version 6b31-1.13.3-1~deb7u1. For the testing distribution (jessie), these problems have been fixed in version 6b31-1.13.3-1. For the unstable distribution (sid), these problems have been fixed in version 6b31-1.13.3-1
var-201412-0516 The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers. Apache HTTP Server is prone to a remote denial-of-service vulnerability. A remote attacker may exploit this issue to trigger denial-of-service conditions. Versions prior to Apache HTTP Server 2.4.11 are vulnerable. The server is fast, reliable and extensible through a simple API. ============================================================================ Ubuntu Security Notice USN-2523-1 March 10, 2015 apache2 vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS - Ubuntu 10.04 LTS Summary: Several security issues were fixed in the Apache HTTP Server. (CVE-2013-5704) Mark Montague discovered that the mod_cache module incorrectly handled empty HTTP Content-Type headers. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2014-3581) Teguh P. Alko discovered that the mod_proxy_fcgi module incorrectly handled long response headers. This issue only affected Ubuntu 14.10. (CVE-2014-3583) It was discovered that the mod_lua module incorrectly handled different arguments within different contexts. This issue only affected Ubuntu 14.10. (CVE-2014-8109) Guido Vranken discovered that the mod_lua module incorrectly handled a specially crafted websocket PING in certain circumstances. A remote attacker could possibly use this issue to cause the server to stop responding, leading to a denial of service. This issue only affected Ubuntu 14.10. (CVE-2015-0228) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.10: apache2.2-bin 2.4.10-1ubuntu1.1 Ubuntu 14.04 LTS: apache2.2-bin 2.4.7-1ubuntu4.4 Ubuntu 12.04 LTS: apache2.2-bin 2.2.22-1ubuntu1.8 Ubuntu 10.04 LTS: apache2.2-bin 2.2.14-5ubuntu8.15 In general, a standard system update will make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201701-36 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Apache: Multiple vulnerabilities Date: January 15, 2017 Bugs: #529130, #589226, #601736, #603130 ID: 201701-36 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Apache, the worst of which could lead to a Denial of Service condition. Please review the CVE identifiers, upstream Apache Software Foundation documentation, and HTTPoxy website referenced below for details. Additionally, an attacker could intercept unsecured (HTTP) transmissions via the HTTPoxy vulnerability. Workaround ========== There is no known workaround at this time. Resolution ========== All Apache users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.25" References ========== [ 1 ] Apache Software Foundation Projects and "httpoxy" CERT VU #797896 https://www.apache.org/security/asf-httpoxy-response.txt [ 2 ] CVE-2014-3583 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3583 [ 3 ] CVE-2016-0736 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0736 [ 4 ] CVE-2016-2161 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2161 [ 5 ] CVE-2016-5387 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5387 [ 6 ] CVE-2016-8073 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8073 [ 7 ] CVE-2016-8740 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8740 [ 8 ] CVE-2016-8743 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8743 [ 9 ] HTTPoxy Website https://httpoxy.org/ Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201701-36 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006 OS X Yosemite v10.10.5 and Security Update 2015-006 is now available and addresses the following: apache Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities existed in Apache 2.4.16, the most serious of which may allow a remote attacker to cause a denial of service. These were addressed by updating Apache to version 2.4.16. CVE-ID CVE-2014-3581 CVE-2014-3583 CVE-2014-8109 CVE-2015-0228 CVE-2015-0253 CVE-2015-3183 CVE-2015-3185 apache_mod_php Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities existed in PHP 5.5.20, the most serious of which may lead to arbitrary code execution. Description: Multiple vulnerabilities existed in PHP versions prior to 5.5.20. These were addressed by updating Apache to version 5.5.27. CVE-ID CVE-2015-2783 CVE-2015-2787 CVE-2015-3307 CVE-2015-3329 CVE-2015-3330 CVE-2015-4021 CVE-2015-4022 CVE-2015-4024 CVE-2015-4025 CVE-2015-4026 CVE-2015-4147 CVE-2015-4148 Apple ID OD Plug-in Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able change the password of a local user Description: In some circumstances, a state management issue existed in password authentication. The issue was addressed through improved state management. CVE-ID CVE-2015-3799 : an anonymous researcher working with HP's Zero Day Initiative AppleGraphicsControl Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed in AppleGraphicsControl which could have led to the disclosure of kernel memory layout. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-5768 : JieTao Yang of KeenTeam Bluetooth Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in IOBluetoothHCIController. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3779 : Teddy Reed of Facebook Security Bluetooth Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to determine kernel memory layout Description: A memory management issue could have led to the disclosure of kernel memory layout. This issue was addressed with improved memory management. CVE-ID CVE-2015-3780 : Roberto Paleari and Aristide Fattori of Emaze Networks Bluetooth Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious app may be able to access notifications from other iCloud devices Description: An issue existed where a malicious app could access a Bluetooth-paired Mac or iOS device's Notification Center notifications via the Apple Notification Center Service. The issue affected devices using Handoff and logged into the same iCloud account. This issue was resolved by revoking access to the Apple Notification Center Service. CVE-ID CVE-2015-3786 : Xiaolong Bai (Tsinghua University), System Security Lab (Indiana University), Tongxin Li (Peking University), XiaoFeng Wang (Indiana University) Bluetooth Available for: OS X Yosemite v10.10 to v10.10.4 Impact: An attacker with privileged network position may be able to perform denial of service attack using malformed Bluetooth packets Description: An input validation issue existed in parsing of Bluetooth ACL packets. This issue was addressed through improved input validation. CVE-ID CVE-2015-3787 : Trend Micro Bluetooth Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: Multiple buffer overflow issues existed in blued's handling of XPC messages. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-3777 : mitp0sh of [PDX] bootp Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious Wi-Fi network may be able to determine networks a device has previously accessed Description: Upon connecting to a Wi-Fi network, iOS may have broadcast MAC addresses of previously accessed networks via the DNAv4 protocol. This issue was addressed through disabling DNAv4 on unencrypted Wi-Fi networks. CVE-ID CVE-2015-3778 : Piers O'Hanlon of Oxford Internet Institute, University of Oxford (on the EPSRC Being There project) CloudKit Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to access the iCloud user record of a previously signed in user Description: A state inconsistency existed in CloudKit when signing out users. This issue was addressed through improved state handling. CVE-ID CVE-2015-3782 : Deepkanwal Plaha of University of Toronto CoreMedia Playback Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: Memory corruption issues existed in CoreMedia Playback. These were addressed through improved memory handling. CVE-ID CVE-2015-5777 : Apple CVE-2015-5778 : Apple CoreText Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-5761 : John Villamil (@day6reak), Yahoo Pentest Team CoreText Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-5755 : John Villamil (@day6reak), Yahoo Pentest Team curl Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities in cURL and libcurl prior to 7.38.0, one of which may allow remote attackers to bypass the Same Origin Policy. Description: Multiple vulnerabilities existed in cURL and libcurl prior to 7.38.0. These issues were addressed by updating cURL to version 7.43.0. CVE-ID CVE-2014-3613 CVE-2014-3620 CVE-2014-3707 CVE-2014-8150 CVE-2014-8151 CVE-2015-3143 CVE-2015-3144 CVE-2015-3145 CVE-2015-3148 CVE-2015-3153 Data Detectors Engine Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Processing a sequence of unicode characters can lead to an unexpected application termination or arbitrary code execution Description: Memory corruption issues existed in processing of Unicode characters. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5750 : M1x7e1 of Safeye Team (www.safeye.org) Date & Time pref pane Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Applications that rely on system time may have unexpected behavior Description: An authorization issue existed when modifying the system date and time preferences. This issue was addressed with additional authorization checks. CVE-ID CVE-2015-3757 : Mark S C Smith Dictionary Application Available for: OS X Yosemite v10.10 to v10.10.4 Impact: An attacker with a privileged network position may be able to intercept users' Dictionary app queries Description: An issue existed in the Dictionary app, which did not properly secure user communications. This issue was addressed by moving Dictionary queries to HTTPS. CVE-ID CVE-2015-3774 : Jeffrey Paul of EEQJ, Jan Bee of the Google Security Team DiskImages Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted DMG file may lead to an unexpected application termination or arbitrary code execution with system privileges Description: A memory corruption issue existed in parsing of malformed DMG images. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3800 : Frank Graziano of the Yahoo Pentest Team dyld Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute arbitrary code with system privileges Description: A path validation issue existed in dyld. This was addressed through improved environment sanitization. CVE-ID CVE-2015-3760 : beist of grayhash, Stefan Esser FontParser Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-3804 : Apple CVE-2015-5775 : Apple FontParser Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-5756 : John Villamil (@day6reak), Yahoo Pentest Team groff Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Multiple issues in pdfroff Description: Multiple issues existed in pdfroff, the most serious of which may allow arbitrary filesystem modification. These issues were addressed by removing pdfroff. CVE-ID CVE-2009-5044 CVE-2009-5078 ImageIO Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of TIFF images. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-5758 : Apple ImageIO Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Visiting a maliciously crafted website may result in the disclosure of process memory Description: An uninitialized memory access issue existed in ImageIO's handling of PNG and TIFF images. Visiting a malicious website may result in sending data from process memory to the website. This issue is addressed through improved memory initialization and additional validation of PNG and TIFF images. CVE-ID CVE-2015-5781 : Michal Zalewski CVE-2015-5782 : Michal Zalewski Install Framework Legacy Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to execute arbitrary code with root privileges Description: An issue existed in how Install.framework's 'runner' binary dropped privileges. This issue was addressed through improved privilege management. CVE-ID CVE-2015-5784 : Ian Beer of Google Project Zero Install Framework Legacy Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A race condition existed in Install.framework's 'runner' binary that resulted in privileges being incorrectly dropped. This issue was addressed through improved object locking. CVE-ID CVE-2015-5754 : Ian Beer of Google Project Zero IOFireWireFamily Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute arbitrary code with system privileges Description: Memory corruption issues existed in IOFireWireFamily. These issues were addressed through additional type input validation. CVE-ID CVE-2015-3769 : Ilja van Sprundel CVE-2015-3771 : Ilja van Sprundel CVE-2015-3772 : Ilja van Sprundel IOGraphics Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in IOGraphics. This issue was addressed through additional type input validation. CVE-ID CVE-2015-3770 : Ilja van Sprundel CVE-2015-5783 : Ilja van Sprundel IOHIDFamily Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute arbitrary code with system privileges Description: A buffer overflow issue existed in IOHIDFamily. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5774 : TaiG Jailbreak Team Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed in the mach_port_space_info interface, which could have led to the disclosure of kernel memory layout. This was addressed by disabling the mach_port_space_info interface. CVE-ID CVE-2015-3766 : Cererdlong of Alibaba Mobile Security Team, @PanguTeam Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer overflow existed in the handling of IOKit functions. This issue was addressed through improved validation of IOKit API arguments. CVE-ID CVE-2015-3768 : Ilja van Sprundel Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to cause a system denial of service Description: A resource exhaustion issue existed in the fasttrap driver. This was addressed through improved memory handling. CVE-ID CVE-2015-5747 : Maxime VILLARD of m00nbsd Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to cause a system denial of service Description: A validation issue existed in the mounting of HFS volumes. This was addressed by adding additional checks. CVE-ID CVE-2015-5748 : Maxime VILLARD of m00nbsd Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to execute unsigned code Description: An issue existed that allowed unsigned code to be appended to signed code in a specially crafted executable file. This issue was addressed through improved code signature validation. CVE-ID CVE-2015-3806 : TaiG Jailbreak Team Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A specially crafted executable file could allow unsigned, malicious code to execute Description: An issue existed in the way multi-architecture executable files were evaluated that could have allowed unsigned code to be executed. This issue was addressed through improved validation of executable files. CVE-ID CVE-2015-3803 : TaiG Jailbreak Team Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute unsigned code Description: A validation issue existed in the handling of Mach-O files. This was addressed by adding additional checks. CVE-ID CVE-2015-3802 : TaiG Jailbreak Team CVE-2015-3805 : TaiG Jailbreak Team Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted plist may lead to an unexpected application termination or arbitrary code execution with system privileges Description: A memory corruption existed in processing of malformed plists. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3776 : Teddy Reed of Facebook Security, Patrick Stein (@jollyjinx) of Jinx Germany Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute arbitrary code with system privileges Description: A path validation issue existed. This was addressed through improved environment sanitization. CVE-ID CVE-2015-3761 : Apple Libc Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted regular expression may lead to an unexpected application termination or arbitrary code execution Description: Memory corruption issues existed in the TRE library. These were addressed through improved memory handling. CVE-ID CVE-2015-3796 : Ian Beer of Google Project Zero CVE-2015-3797 : Ian Beer of Google Project Zero CVE-2015-3798 : Ian Beer of Google Project Zero Libinfo Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: Memory corruption issues existed in handling AF_INET6 sockets. These were addressed by improved memory handling. CVE-ID CVE-2015-5776 : Apple libpthread Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in handling syscalls. This issue was addressed through improved lock state checking. CVE-ID CVE-2015-5757 : Lufeng Li of Qihoo 360 libxml2 Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities existed in libxml2 versions prior to 2.9.2, the most serious of which may allow a remote attacker to cause a denial of service Description: Multiple vulnerabilities existed in libxml2 versions prior to 2.9.2. These were addressed by updating libxml2 to version 2.9.2. CVE-ID CVE-2012-6685 : Felix Groebert of Google CVE-2014-0191 : Felix Groebert of Google libxml2 Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: A memory access issue existed in libxml2. This was addressed by improved memory handling CVE-ID CVE-2014-3660 : Felix Groebert of Google libxml2 Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: A memory corruption issue existed in parsing of XML files. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3807 : Apple libxpc Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in handling of malformed XPC messages. This issue was improved through improved bounds checking. CVE-ID CVE-2015-3795 : Mathew Rowley mail_cmds Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute arbitrary shell commands Description: A validation issue existed in the mailx parsing of email addresses. This was addressed by improved sanitization. CVE-ID CVE-2014-7844 Notification Center OSX Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to access all notifications previously displayed to users Description: An issue existed in Notification Center, which did not properly delete user notifications. This issue was addressed by correctly deleting notifications dismissed by users. CVE-ID CVE-2015-3764 : Jonathan Zdziarski ntfs Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in NTFS. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5763 : Roberto Paleari and Aristide Fattori of Emaze Networks OpenSSH Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Remote attackers may be able to circumvent a time delay for failed login attempts and conduct brute-force attacks Description: An issue existed when processing keyboard-interactive devices. This issue was addressed through improved authentication request validation. CVE-ID CVE-2015-5600 OpenSSL Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities existed in OpenSSL versions prior to 0.9.8zg, the most serious of which may allow a remote attacker to cause a denial of service. Description: Multiple vulnerabilities existed in OpenSSL versions prior to 0.9.8zg. These were addressed by updating OpenSSL to version 0.9.8zg. CVE-ID CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 perl Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted regular expression may lead to disclosure of unexpected application termination or arbitrary code execution Description: An integer underflow issue existed in the way Perl parsed regular expressions. This issue was addressed through improved memory handling. CVE-ID CVE-2013-7422 PostgreSQL Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: An attacker may be able to cause unexpected application termination or gain access to data without proper authentication Description: Multiple issues existed in PostgreSQL 9.2.4. These issues were addressed by updating PostgreSQL to 9.2.13. CVE-ID CVE-2014-0067 CVE-2014-8161 CVE-2015-0241 CVE-2015-0242 CVE-2015-0243 CVE-2015-0244 python Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities existed in Python 2.7.6, the most serious of which may lead to arbitrary code execution Description: Multiple vulnerabilities existed in Python versions prior to 2.7.6. These were addressed by updating Python to version 2.7.10. CVE-ID CVE-2013-7040 CVE-2013-7338 CVE-2014-1912 CVE-2014-7185 CVE-2014-9365 QL Office Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted Office document may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in parsing of Office documents. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5773 : Apple QL Office Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted XML file may lead to disclosure of user information Description: An external entity reference issue existed in XML file parsing. This issue was addressed through improved parsing. CVE-ID CVE-2015-3784 : Bruno Morisson of INTEGRITY S.A. Quartz Composer Framework Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted QuickTime file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in parsing of QuickTime files. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5771 : Apple Quick Look Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Searching for a previously viewed website may launch the web browser and render that website Description: An issue existed where QuickLook had the capability to execute JavaScript. The issue was addressed by disallowing execution of JavaScript. CVE-ID CVE-2015-3781 : Andrew Pouliot of Facebook, Anto Loyola of Qubole QuickTime 7 Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in QuickTime. These issues were addressed through improved memory handling. CVE-ID CVE-2015-3772 CVE-2015-3779 CVE-2015-5753 : Apple CVE-2015-5779 : Apple QuickTime 7 Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in QuickTime. These issues were addressed through improved memory handling. CVE-ID CVE-2015-3765 : Joe Burnett of Audio Poison CVE-2015-3788 : Ryan Pentney and Richard Johnson of Cisco Talos CVE-2015-3789 : Ryan Pentney and Richard Johnson of Cisco Talos CVE-2015-3790 : Ryan Pentney and Richard Johnson of Cisco Talos CVE-2015-3791 : Ryan Pentney and Richard Johnson of Cisco Talos CVE-2015-3792 : Ryan Pentney and Richard Johnson of Cisco Talos CVE-2015-5751 : WalkerFuz SceneKit Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Viewing a maliciously crafted Collada file may lead to arbitrary code execution Description: A heap buffer overflow existed in SceneKit's handling of Collada files. This issue was addressed through improved input validation. CVE-ID CVE-2015-5772 : Apple SceneKit Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in SceneKit. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3783 : Haris Andrianakis of Google Security Team Security Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A standard user may be able to gain access to admin privileges without proper authentication Description: An issue existed in handling of user authentication. This issue was addressed through improved authentication checks. CVE-ID CVE-2015-3775 : [Eldon Ahrold] SMBClient Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the SMB client. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3773 : Ilja van Sprundel Speech UI Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted unicode string with speech alerts enabled may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in handling of Unicode strings. This issue was addressed by improved memory handling. CVE-ID CVE-2015-3794 : Adam Greenbaum of Refinitive sudo Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities existed in sudo versions prior to 1.7.10p9, the most serious of which may allow an attacker access to arbitrary files Description: Multiple vulnerabilities existed in sudo versions prior to 1.7.10p9. These were addressed by updating sudo to version 1.7.10p9. CVE-ID CVE-2013-1775 CVE-2013-1776 CVE-2013-2776 CVE-2013-2777 CVE-2014-0106 CVE-2014-9680 tcpdump Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities existed in tcpdump 4.7.3, the most serious of which may allow a remote attacker to cause a denial of service. Description: Multiple vulnerabilities existed in tcpdump versions prior to 4.7.3. These were addressed by updating tcpdump to version 4.7.3. CVE-ID CVE-2014-8767 CVE-2014-8769 CVE-2014-9140 Text Formats Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted text file may lead to disclosure of user information Description: An XML external entity reference issue existed with TextEdit parsing. This issue was addressed through improved parsing. CVE-ID CVE-2015-3762 : Xiaoyong Wu of the Evernote Security Team udf Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted DMG file may lead to an unexpected application termination or arbitrary code execution with system privileges Description: A memory corruption issue existed in parsing of malformed DMG images. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3767 : beist of grayhash OS X Yosemite v10.10.5 includes the security content of Safari 8.0.8: https://support.apple.com/en-us/HT205033 OS X Yosemite 10.10.5 and Security Update 2015-006 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIcBAEBCAAGBQJVzM3+AAoJEBcWfLTuOo7tx/YP/RTsUUx0UTk7rXj6AEcHmiR4 Y2xTUOXqRmxhieSbsGK9laKL5++lIzkGh5RC7oYag0+OgWtZz+EU/EtdoEJmGNJ6 +PgoEnizYdKhO1kos1KCHOwG6UFCqoeEm6Icm33nVUqWp7uAmhVRMRxtMJEScLSR 2LpsK0grIhFXtJGqu053TSKSCa1UTab8XWteZTT84uFGMSKbAFONj5CPIrR6+uev QpVTwrnskPDBOXJwGhjypvIBTbt2aa1wjCukOAWFHwf7Pma/QUdhKRkUK4vAb9/k fu2t2fBOvSMguJHRO+340NsQR9LvmdruBeAyNUH64srF1jtbAg0QnvZsPyO5aIyR A8WrzHl3oIc0II0y7VpI+3o0J3Nn03EcBPtIKeoeyznnjNziDm72HPI2d2+5ZSRz xjAd4Nmw+dgGq+UMkusIXgtRK4HcEpwzfImf3zqnKHakSncnFPhGKyNEgn8bK9a7 AeAvSqMXXsJg8weHUF2NLnAn/42k2wIE8d5BOLaIy13xz6MJn7VUI21pK0zCaGBF sfkRFZP0eEVh8ZzU/nWp9E5KDpbsd72biJwvjWH4OrmkfzUWxStQiVwPTxtZD9LW c5ZWe+vqZJV9eYRH2hAOMPaYkOQ5Z4DySNVVOFAG0eq9til8+V0k3L7ipIVd2XUB msu6gVP8uZhFYNb8byVJ =+0e/ -----END PGP SIGNATURE----- . Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/httpd-2.4.12-i486-1_slack14.1.txz: Upgraded. This update fixes the following security issues: * CVE-2014-3583 mod_proxy_fcgi: Fix a potential crash due to buffer over-read, with response headers' size above 8K. * CVE-2014-3581 mod_cache: Avoid a crash when Content-Type has an empty value. PR 56924. * CVE-2014-8109 mod_lua: Fix handling of the Require line when a LuaAuthzProvider is used in multiple Require directives with different arguments. PR57204. Adds "MergeTrailers" directive to restore legacy behavior. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3583 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3581 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8109 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5704 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/httpd-2.2.29-i486-1_slack13.0.txz Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/httpd-2.2.29-x86_64-1_slack13.0.txz Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/httpd-2.2.29-i486-1_slack13.1.txz Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/httpd-2.2.29-x86_64-1_slack13.1.txz Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/httpd-2.2.29-i486-1_slack13.37.txz Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/httpd-2.2.29-x86_64-1_slack13.37.txz Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/httpd-2.4.12-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/httpd-2.4.12-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/httpd-2.4.12-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/httpd-2.4.12-x86_64-1_slack14.1.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.4.12-i486-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.4.12-x86_64-1.txz MD5 signatures: +-------------+ Slackware 13.0 package: 511973e7033d924fe8f2dfac870cfc9d httpd-2.2.29-i486-1_slack13.0.txz Slackware x86_64 13.0 package: 5fb45ffc524b4afc2b6e3c322bd43ff2 httpd-2.2.29-x86_64-1_slack13.0.txz Slackware 13.1 package: 47ef44a58d821fe2462817bd308e4c88 httpd-2.2.29-i486-1_slack13.1.txz Slackware x86_64 13.1 package: 4e99389080c31b12a863d315f17e0897 httpd-2.2.29-x86_64-1_slack13.1.txz Slackware 13.37 package: 9ecaeefcc21871e101c4e41487879ba7 httpd-2.2.29-i486-1_slack13.37.txz Slackware x86_64 13.37 package: 4c4badc191f0c2337d0f05fe4f5f6701 httpd-2.2.29-x86_64-1_slack13.37.txz Slackware 14.0 package: 44ee311cec11c0b8b5361871f076060a httpd-2.4.12-i486-1_slack14.0.txz Slackware x86_64 14.0 package: d222d77977fea4f3d2583398070e70fe httpd-2.4.12-x86_64-1_slack14.0.txz Slackware 14.1 package: d65e3a24abd582fb54b6da0ba926106e httpd-2.4.12-i486-1_slack14.1.txz Slackware x86_64 14.1 package: e655bdd8f6f7e13da6ae2c70f9c9eea0 httpd-2.4.12-x86_64-1_slack14.1.txz Slackware -current package: bfd8439df17a91bf8b3351a9fdafbfc9 n/httpd-2.4.12-i486-1.txz Slackware x86_64 -current package: 3c68dceffdf6de2c67ac2b40fc3846dc n/httpd-2.4.12-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg httpd-2.4.12-i486-1_slack14.1.txz Then, restart Apache httpd: # /etc/rc.d/rc.httpd stop # /etc/rc.d/rc.httpd start +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Low: mod_proxy_fcgi and ceph security and bug fix update Advisory ID: RHSA-2015:1858-01 Product: Red Hat Ceph Storage Advisory URL: https://access.redhat.com/errata/RHSA-2015:1858 Issue date: 2015-10-01 CVE Names: CVE-2014-3583 ===================================================================== 1. Summary: Updated mod_proxy_fcgi and ceph packages that fix one security issue and several bugs are now available for CentOS 6. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Description: Red Hat Ceph Storage is a massively scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment tools, and support services. A buffer overflow flaw was found in mod_proxy_fcgi's handle_headers() function. A malicious FastCGI server that httpd is configured to connect to could send a carefully crafted response that would cause an httpd child process handling the request to crash. (CVE-2014-3583) This update also fixes the following bugs: * The RADOS gateway (RGW) can now properly decode the slash characters ("/") in clients' upload IDs. (BZ#1183182) * The RGW's object attribute updates could race with other object updates operations, which led to inconsistent object states, such as incomplete object deletions. RGW now handles attribute updates correctly. (BZ#1206963) * Recreating a previously existing bucket in RGW did not remove the bucket instance metadata object and created a redundant object in the RGW pool. The redundant objects are no longer generated. (BZ#1212524) * The Content-Length header is now correctly created when creating a container using the Swift API. (BZ#1213988) * RGW did not properly cache users' keystone tokens and validated all keystone tokens for every Swift operation. RGW now caches tokens correctly, so that the token validation occurs only when necessary. (BZ#1213999) * Modifying a user's Access Control List (ACL) permissions for an object in RGW inappropriately caused the user to become the owner of the object. This update fixes this bug. (BZ#1214051) * RGW could fail to update the bucket attributes during a Swift API "POST" operation. RGW now correctly updates the bucket attributes. (BZ#1214058) * RGW no longer terminated unexpectedly when using keystone authentication to copy an object. (BZ#1214061) * An attempt to download an object greater than 512 KB using a range header failed when using the Swift API. Objects can now be downloaded as expected. (BZ#1214854) * When using OpenStack's Cinder RADOS Block Device (RBD) back-end driver with Ceph administration socket enabled, Ceph could leak file descriptors and eventually consume the maximum number of allowed opened files. This behavior caused Cinder's RBD connections to fail. Now, Ceph closes the administration socket appropriately. (BZ#1220496) * When a part of a multi-part object was resent, the object became broken due a discrepancy between the object size when listing the object and when stating the object. Now, multi-part objects no longer become broken in such a case. (BZ#1222091) * When the number of placement groups (PGs) in a pool was increased, Ceph did not send watch or notify operations correctly. Consequently, the librbd library presented inconsistent RBD snapshot data. Now, Ceph correctly re-sends operations. (BZ#1245785) * When reopening log files, Object Storage Devices (OSDs) could write data to the incorrect file descriptor. Consequently, log entries were lost, or were written to a file descriptor, which was opened by the filestore. The latter case could cause data corruption. This bug has been fixed. (BZ#1247752) All mod_proxy_fcgi and ceph users are advised to upgrade to these updated packages, which correct these issues. 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Refer to the following Knowledge Base article for a download link and signing information: https://access.redhat.com/articles/1560193 4. Bugs fixed (https://bugzilla.redhat.com/): 1163555 - CVE-2014-3583 httpd: mod_proxy_fcgi handle_headers() buffer over read 5. References: https://access.redhat.com/security/cve/CVE-2014-3583 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/articles/1560193 https://access.redhat.com/articles/1372203 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFWDgndXlSAg2UNWIIRApfBAKC3r5aCeSFMsbtE4XsK10F6mj2y9ACdE3jI oPvjqMGz3njb3os9553TrOY= =IgoY -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . CVE-ID CVE-2015-5911 : Zachary Jones of WhiteHat Security Threat Research Center OS X Server 5.0.3 may be obtained from the Mac App Store. Relevant releases/architectures: Red Hat Common for RHEL Server (v. 6) - x86_64 3. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Common for RHEL Server (v. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7
var-201310-0355 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5787, CVE-2013-5824, CVE-2013-5832, and CVE-2013-5852. (DoS) An attack may be carried out. The vulnerability can be exploited over multiple protocols. This issue affects the 'Deployment' sub-component. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.7.0-ibm security update Advisory ID: RHSA-2013:1507-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1507.html Issue date: 2013-11-07 CVE Names: CVE-2013-3829 CVE-2013-4041 CVE-2013-5372 CVE-2013-5375 CVE-2013-5456 CVE-2013-5457 CVE-2013-5458 CVE-2013-5772 CVE-2013-5774 CVE-2013-5776 CVE-2013-5778 CVE-2013-5780 CVE-2013-5782 CVE-2013-5783 CVE-2013-5784 CVE-2013-5787 CVE-2013-5788 CVE-2013-5789 CVE-2013-5790 CVE-2013-5797 CVE-2013-5800 CVE-2013-5801 CVE-2013-5802 CVE-2013-5803 CVE-2013-5804 CVE-2013-5809 CVE-2013-5812 CVE-2013-5814 CVE-2013-5817 CVE-2013-5818 CVE-2013-5819 CVE-2013-5820 CVE-2013-5823 CVE-2013-5824 CVE-2013-5825 CVE-2013-5829 CVE-2013-5830 CVE-2013-5831 CVE-2013-5832 CVE-2013-5838 CVE-2013-5840 CVE-2013-5842 CVE-2013-5843 CVE-2013-5848 CVE-2013-5849 CVE-2013-5850 CVE-2013-5851 ===================================================================== 1. Summary: Updated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2013-3829, CVE-2013-4041, CVE-2013-5372, CVE-2013-5375, CVE-2013-5456, CVE-2013-5457, CVE-2013-5458, CVE-2013-5772, CVE-2013-5774, CVE-2013-5776, CVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5787, CVE-2013-5788, CVE-2013-5789, CVE-2013-5790, CVE-2013-5797, CVE-2013-5800, CVE-2013-5801, CVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5809, CVE-2013-5812, CVE-2013-5814, CVE-2013-5817, CVE-2013-5818, CVE-2013-5819, CVE-2013-5820, CVE-2013-5823, CVE-2013-5824, CVE-2013-5825, CVE-2013-5829, CVE-2013-5830, CVE-2013-5831, CVE-2013-5832, CVE-2013-5838, CVE-2013-5840, CVE-2013-5842, CVE-2013-5843, CVE-2013-5848, CVE-2013-5849, CVE-2013-5850, CVE-2013-5851) All users of java-1.7.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7 SR6 release. All running instances of IBM Java must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 1018713 - CVE-2013-5803 OpenJDK: insufficient checks of KDC replies (JGSS, 8014341) 1018717 - CVE-2013-5772 OpenJDK: insufficient html escaping in jhat (jhat, 8011081) 1018720 - CVE-2013-5797 OpenJDK: insufficient escaping of window title string (Javadoc, 8016675) 1018727 - CVE-2013-5784 OpenJDK: insufficient InterfaceImplementor security checks (Scripting, 8017299) 1018736 - CVE-2013-5790 OpenJDK: insufficient security checks (Beans, 8012071) 1018750 - CVE-2013-5849 OpenJDK: insufficient DataFlavor security checks (AWT, 8012277) 1018755 - CVE-2013-5800 OpenJDK: default keytab path information leak (JGSS, 8022931) 1018785 - CVE-2013-5780 OpenJDK: key data leak via toString() methods (Libraries, 8011071) 1018831 - CVE-2013-5840 OpenJDK: getDeclaringClass() information leak (Libraries, 8014349) 1018972 - CVE-2013-5820 OpenJDK: insufficient security checks (JAXWS, 8017505) 1018977 - CVE-2013-5851 OpenJDK: XML stream factory finder information leak (JAXP, 8013502) 1018984 - CVE-2013-5778 OpenJDK: image conversion out of bounds read (2D, 8014102) 1019108 - CVE-2013-5782 OpenJDK: Incorrect awt_getPixelByte/awt_getPixelShort/awt_setPixelByte/awt_setPixelShort image raster checks (2D, 8014093) 1019110 - CVE-2013-5830 OpenJDK: checkPackageAccess missing security check (Libraries, 8017291) 1019113 - CVE-2013-5809 OpenJDK: JPEGImageReader and JPEGImageWriter missing band size checks (2D, 8013510) 1019115 - CVE-2013-5829 OpenJDK: Java2d Disposer security bypass (2D, 8017287) 1019117 - CVE-2013-5814 OpenJDK: RMIConnection stub missing permission check (CORBA, 8011157) 1019118 - CVE-2013-5817 OpenJDK: VersionHelper12 does not honor modifyThreadGroup restriction (JNDI, 8013739) 1019123 - CVE-2013-5842 OpenJDK: ObjectInputStream/ObjectOutputStream missing checks (Libraries, 8014987) 1019127 - CVE-2013-5850 OpenJDK: Missing CORBA security checks (Libraries, 8017196) 1019130 - CVE-2013-5802 OpenJDK: javax.xml.transform.TransformerFactory does not properly honor XMLConstants.FEATURE_SECURE_PROCESSING (JAXP, 8012425) 1019131 - CVE-2013-5804 OpenJDK: javac does not ignore certain ignorable characters (Javadoc, 8016653) 1019133 - CVE-2013-3829 OpenJDK: java.util.TimeZone does not restrict setting of default time zone (Libraries, 8001029) 1019137 - CVE-2013-5783 OpenJDK: JTable not properly performing certain access checks (Swing, 8013744) 1019139 - CVE-2013-5825 OpenJDK: XML parsing Denial of Service (JAXP, 8014530) 1019145 - CVE-2013-5823 OpenJDK: com.sun.org.apache.xml.internal.security.utils.UnsyncByteArrayOutputStream Denial of Service (Security, 8021290) 1019147 - CVE-2013-5774 OpenJDK: Inet6Address class IPv6 address processing errors (Libraries, 8015743) 1019300 - CVE-2013-5838 OpenJDK: Vulnerability in Libraries component (Libraries, 7023639) 1019691 - CVE-2013-5824 Oracle JDK: unspecified vulnerability fixed in 7u45 (Deployment) 1019692 - CVE-2013-5788 Oracle JDK: unspecified vulnerability fixed in 7u45 (Deployment) 1019693 - CVE-2013-5787 Oracle JDK: unspecified vulnerability fixed in 7u45 (Deployment) 1019697 - CVE-2013-5789 Oracle JDK: unspecified vulnerability fixed in 7u45 (Deployment) 1019701 - CVE-2013-5843 Oracle JDK: unspecified vulnerability fixed in 7u45 (2D) 1019702 - CVE-2013-5832 Oracle JDK: unspecified vulnerability fixed in 7u45 (Deployment) 1019706 - CVE-2013-5812 Oracle JDK: unspecified vulnerability fixed in 7u45 (Deployment) 1019710 - CVE-2013-5801 Oracle JDK: unspecified vulnerability fixed in 7u45 (2D) 1019712 - CVE-2013-5776 Oracle JDK: unspecified vulnerability fixed in 7u45 (Deployment) 1019713 - CVE-2013-5818 Oracle JDK: unspecified vulnerability fixed in 7u45 (Deployment) 1019715 - CVE-2013-5819 Oracle JDK: unspecified vulnerability fixed in 7u45 (Deployment) 1019716 - CVE-2013-5831 Oracle JDK: unspecified vulnerability fixed in 7u45 (Deployment) 1019720 - CVE-2013-5848 Oracle JDK: unspecified vulnerability fixed in 7u45 (Deployment) 1027748 - CVE-2013-5456 IBM JDK: unspecified sandbox bypass (ORB) 1027754 - CVE-2013-5458 IBM JDK: unspecified sandbox bypass (XML) 1027760 - CVE-2013-5457 IBM JDK: unspecified sandbox bypass (ORB) 1027764 - CVE-2013-4041 IBM JDK: unspecified sandbox bypass (JVM) 1027768 - CVE-2013-5375 IBM JDK: unspecified sandbox bypass (XML) 1027825 - CVE-2013-5372 IBM JDK: XML4J xml entity expansion excessive memory use (XML) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: java-1.7.0-ibm-1.7.0.6.0-1jpp.1.el5_10.i386.rpm java-1.7.0-ibm-demo-1.7.0.6.0-1jpp.1.el5_10.i386.rpm java-1.7.0-ibm-devel-1.7.0.6.0-1jpp.1.el5_10.i386.rpm java-1.7.0-ibm-jdbc-1.7.0.6.0-1jpp.1.el5_10.i386.rpm java-1.7.0-ibm-plugin-1.7.0.6.0-1jpp.1.el5_10.i386.rpm java-1.7.0-ibm-src-1.7.0.6.0-1jpp.1.el5_10.i386.rpm x86_64: java-1.7.0-ibm-1.7.0.6.0-1jpp.1.el5_10.i386.rpm java-1.7.0-ibm-1.7.0.6.0-1jpp.1.el5_10.x86_64.rpm java-1.7.0-ibm-demo-1.7.0.6.0-1jpp.1.el5_10.i386.rpm java-1.7.0-ibm-demo-1.7.0.6.0-1jpp.1.el5_10.x86_64.rpm java-1.7.0-ibm-devel-1.7.0.6.0-1jpp.1.el5_10.i386.rpm java-1.7.0-ibm-devel-1.7.0.6.0-1jpp.1.el5_10.x86_64.rpm java-1.7.0-ibm-jdbc-1.7.0.6.0-1jpp.1.el5_10.i386.rpm java-1.7.0-ibm-jdbc-1.7.0.6.0-1jpp.1.el5_10.x86_64.rpm java-1.7.0-ibm-plugin-1.7.0.6.0-1jpp.1.el5_10.i386.rpm java-1.7.0-ibm-plugin-1.7.0.6.0-1jpp.1.el5_10.x86_64.rpm java-1.7.0-ibm-src-1.7.0.6.0-1jpp.1.el5_10.i386.rpm java-1.7.0-ibm-src-1.7.0.6.0-1jpp.1.el5_10.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: java-1.7.0-ibm-1.7.0.6.0-1jpp.1.el5_10.i386.rpm java-1.7.0-ibm-demo-1.7.0.6.0-1jpp.1.el5_10.i386.rpm java-1.7.0-ibm-devel-1.7.0.6.0-1jpp.1.el5_10.i386.rpm java-1.7.0-ibm-jdbc-1.7.0.6.0-1jpp.1.el5_10.i386.rpm java-1.7.0-ibm-plugin-1.7.0.6.0-1jpp.1.el5_10.i386.rpm java-1.7.0-ibm-src-1.7.0.6.0-1jpp.1.el5_10.i386.rpm ppc: java-1.7.0-ibm-1.7.0.6.0-1jpp.1.el5_10.ppc.rpm java-1.7.0-ibm-1.7.0.6.0-1jpp.1.el5_10.ppc64.rpm java-1.7.0-ibm-demo-1.7.0.6.0-1jpp.1.el5_10.ppc.rpm java-1.7.0-ibm-demo-1.7.0.6.0-1jpp.1.el5_10.ppc64.rpm java-1.7.0-ibm-devel-1.7.0.6.0-1jpp.1.el5_10.ppc.rpm java-1.7.0-ibm-devel-1.7.0.6.0-1jpp.1.el5_10.ppc64.rpm java-1.7.0-ibm-jdbc-1.7.0.6.0-1jpp.1.el5_10.ppc.rpm java-1.7.0-ibm-jdbc-1.7.0.6.0-1jpp.1.el5_10.ppc64.rpm java-1.7.0-ibm-plugin-1.7.0.6.0-1jpp.1.el5_10.ppc.rpm java-1.7.0-ibm-src-1.7.0.6.0-1jpp.1.el5_10.ppc.rpm java-1.7.0-ibm-src-1.7.0.6.0-1jpp.1.el5_10.ppc64.rpm s390x: java-1.7.0-ibm-1.7.0.6.0-1jpp.1.el5_10.s390.rpm java-1.7.0-ibm-1.7.0.6.0-1jpp.1.el5_10.s390x.rpm java-1.7.0-ibm-demo-1.7.0.6.0-1jpp.1.el5_10.s390.rpm java-1.7.0-ibm-demo-1.7.0.6.0-1jpp.1.el5_10.s390x.rpm java-1.7.0-ibm-devel-1.7.0.6.0-1jpp.1.el5_10.s390.rpm java-1.7.0-ibm-devel-1.7.0.6.0-1jpp.1.el5_10.s390x.rpm java-1.7.0-ibm-jdbc-1.7.0.6.0-1jpp.1.el5_10.s390.rpm java-1.7.0-ibm-jdbc-1.7.0.6.0-1jpp.1.el5_10.s390x.rpm java-1.7.0-ibm-src-1.7.0.6.0-1jpp.1.el5_10.s390.rpm java-1.7.0-ibm-src-1.7.0.6.0-1jpp.1.el5_10.s390x.rpm x86_64: java-1.7.0-ibm-1.7.0.6.0-1jpp.1.el5_10.i386.rpm java-1.7.0-ibm-1.7.0.6.0-1jpp.1.el5_10.x86_64.rpm java-1.7.0-ibm-demo-1.7.0.6.0-1jpp.1.el5_10.i386.rpm java-1.7.0-ibm-demo-1.7.0.6.0-1jpp.1.el5_10.x86_64.rpm java-1.7.0-ibm-devel-1.7.0.6.0-1jpp.1.el5_10.i386.rpm java-1.7.0-ibm-devel-1.7.0.6.0-1jpp.1.el5_10.x86_64.rpm java-1.7.0-ibm-jdbc-1.7.0.6.0-1jpp.1.el5_10.i386.rpm java-1.7.0-ibm-jdbc-1.7.0.6.0-1jpp.1.el5_10.x86_64.rpm java-1.7.0-ibm-plugin-1.7.0.6.0-1jpp.1.el5_10.i386.rpm java-1.7.0-ibm-plugin-1.7.0.6.0-1jpp.1.el5_10.x86_64.rpm java-1.7.0-ibm-src-1.7.0.6.0-1jpp.1.el5_10.i386.rpm java-1.7.0-ibm-src-1.7.0.6.0-1jpp.1.el5_10.x86_64.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: java-1.7.0-ibm-1.7.0.6.0-1jpp.1.el6_4.i686.rpm java-1.7.0-ibm-demo-1.7.0.6.0-1jpp.1.el6_4.i686.rpm java-1.7.0-ibm-devel-1.7.0.6.0-1jpp.1.el6_4.i686.rpm java-1.7.0-ibm-jdbc-1.7.0.6.0-1jpp.1.el6_4.i686.rpm java-1.7.0-ibm-plugin-1.7.0.6.0-1jpp.1.el6_4.i686.rpm java-1.7.0-ibm-src-1.7.0.6.0-1jpp.1.el6_4.i686.rpm x86_64: java-1.7.0-ibm-1.7.0.6.0-1jpp.1.el6_4.x86_64.rpm java-1.7.0-ibm-demo-1.7.0.6.0-1jpp.1.el6_4.x86_64.rpm java-1.7.0-ibm-devel-1.7.0.6.0-1jpp.1.el6_4.x86_64.rpm java-1.7.0-ibm-jdbc-1.7.0.6.0-1jpp.1.el6_4.x86_64.rpm java-1.7.0-ibm-plugin-1.7.0.6.0-1jpp.1.el6_4.x86_64.rpm java-1.7.0-ibm-src-1.7.0.6.0-1jpp.1.el6_4.x86_64.rpm Red Hat Enterprise Linux HPC Node Supplementary (v. 6): x86_64: java-1.7.0-ibm-1.7.0.6.0-1jpp.1.el6_4.x86_64.rpm java-1.7.0-ibm-demo-1.7.0.6.0-1jpp.1.el6_4.x86_64.rpm java-1.7.0-ibm-devel-1.7.0.6.0-1jpp.1.el6_4.x86_64.rpm java-1.7.0-ibm-src-1.7.0.6.0-1jpp.1.el6_4.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: java-1.7.0-ibm-1.7.0.6.0-1jpp.1.el6_4.i686.rpm java-1.7.0-ibm-demo-1.7.0.6.0-1jpp.1.el6_4.i686.rpm java-1.7.0-ibm-devel-1.7.0.6.0-1jpp.1.el6_4.i686.rpm java-1.7.0-ibm-jdbc-1.7.0.6.0-1jpp.1.el6_4.i686.rpm java-1.7.0-ibm-plugin-1.7.0.6.0-1jpp.1.el6_4.i686.rpm java-1.7.0-ibm-src-1.7.0.6.0-1jpp.1.el6_4.i686.rpm ppc64: java-1.7.0-ibm-1.7.0.6.0-1jpp.1.el6_4.ppc64.rpm java-1.7.0-ibm-demo-1.7.0.6.0-1jpp.1.el6_4.ppc64.rpm java-1.7.0-ibm-devel-1.7.0.6.0-1jpp.1.el6_4.ppc64.rpm java-1.7.0-ibm-jdbc-1.7.0.6.0-1jpp.1.el6_4.ppc64.rpm java-1.7.0-ibm-src-1.7.0.6.0-1jpp.1.el6_4.ppc64.rpm s390x: java-1.7.0-ibm-1.7.0.6.0-1jpp.1.el6_4.s390x.rpm java-1.7.0-ibm-demo-1.7.0.6.0-1jpp.1.el6_4.s390x.rpm java-1.7.0-ibm-devel-1.7.0.6.0-1jpp.1.el6_4.s390x.rpm java-1.7.0-ibm-jdbc-1.7.0.6.0-1jpp.1.el6_4.s390x.rpm java-1.7.0-ibm-src-1.7.0.6.0-1jpp.1.el6_4.s390x.rpm x86_64: java-1.7.0-ibm-1.7.0.6.0-1jpp.1.el6_4.x86_64.rpm java-1.7.0-ibm-demo-1.7.0.6.0-1jpp.1.el6_4.x86_64.rpm java-1.7.0-ibm-devel-1.7.0.6.0-1jpp.1.el6_4.x86_64.rpm java-1.7.0-ibm-jdbc-1.7.0.6.0-1jpp.1.el6_4.x86_64.rpm java-1.7.0-ibm-plugin-1.7.0.6.0-1jpp.1.el6_4.x86_64.rpm java-1.7.0-ibm-src-1.7.0.6.0-1jpp.1.el6_4.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: java-1.7.0-ibm-1.7.0.6.0-1jpp.1.el6_4.i686.rpm java-1.7.0-ibm-demo-1.7.0.6.0-1jpp.1.el6_4.i686.rpm java-1.7.0-ibm-devel-1.7.0.6.0-1jpp.1.el6_4.i686.rpm java-1.7.0-ibm-jdbc-1.7.0.6.0-1jpp.1.el6_4.i686.rpm java-1.7.0-ibm-plugin-1.7.0.6.0-1jpp.1.el6_4.i686.rpm java-1.7.0-ibm-src-1.7.0.6.0-1jpp.1.el6_4.i686.rpm x86_64: java-1.7.0-ibm-1.7.0.6.0-1jpp.1.el6_4.x86_64.rpm java-1.7.0-ibm-demo-1.7.0.6.0-1jpp.1.el6_4.x86_64.rpm java-1.7.0-ibm-devel-1.7.0.6.0-1jpp.1.el6_4.x86_64.rpm java-1.7.0-ibm-jdbc-1.7.0.6.0-1jpp.1.el6_4.x86_64.rpm java-1.7.0-ibm-plugin-1.7.0.6.0-1jpp.1.el6_4.x86_64.rpm java-1.7.0-ibm-src-1.7.0.6.0-1jpp.1.el6_4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-3829.html https://www.redhat.com/security/data/cve/CVE-2013-4041.html https://www.redhat.com/security/data/cve/CVE-2013-5372.html https://www.redhat.com/security/data/cve/CVE-2013-5375.html https://www.redhat.com/security/data/cve/CVE-2013-5456.html https://www.redhat.com/security/data/cve/CVE-2013-5457.html https://www.redhat.com/security/data/cve/CVE-2013-5458.html https://www.redhat.com/security/data/cve/CVE-2013-5772.html https://www.redhat.com/security/data/cve/CVE-2013-5774.html https://www.redhat.com/security/data/cve/CVE-2013-5776.html https://www.redhat.com/security/data/cve/CVE-2013-5778.html https://www.redhat.com/security/data/cve/CVE-2013-5780.html https://www.redhat.com/security/data/cve/CVE-2013-5782.html https://www.redhat.com/security/data/cve/CVE-2013-5783.html https://www.redhat.com/security/data/cve/CVE-2013-5784.html https://www.redhat.com/security/data/cve/CVE-2013-5787.html https://www.redhat.com/security/data/cve/CVE-2013-5788.html https://www.redhat.com/security/data/cve/CVE-2013-5789.html https://www.redhat.com/security/data/cve/CVE-2013-5790.html https://www.redhat.com/security/data/cve/CVE-2013-5797.html https://www.redhat.com/security/data/cve/CVE-2013-5800.html https://www.redhat.com/security/data/cve/CVE-2013-5801.html https://www.redhat.com/security/data/cve/CVE-2013-5802.html https://www.redhat.com/security/data/cve/CVE-2013-5803.html https://www.redhat.com/security/data/cve/CVE-2013-5804.html https://www.redhat.com/security/data/cve/CVE-2013-5809.html https://www.redhat.com/security/data/cve/CVE-2013-5812.html https://www.redhat.com/security/data/cve/CVE-2013-5814.html https://www.redhat.com/security/data/cve/CVE-2013-5817.html https://www.redhat.com/security/data/cve/CVE-2013-5818.html https://www.redhat.com/security/data/cve/CVE-2013-5819.html https://www.redhat.com/security/data/cve/CVE-2013-5820.html https://www.redhat.com/security/data/cve/CVE-2013-5823.html https://www.redhat.com/security/data/cve/CVE-2013-5824.html https://www.redhat.com/security/data/cve/CVE-2013-5825.html https://www.redhat.com/security/data/cve/CVE-2013-5829.html https://www.redhat.com/security/data/cve/CVE-2013-5830.html https://www.redhat.com/security/data/cve/CVE-2013-5831.html https://www.redhat.com/security/data/cve/CVE-2013-5832.html https://www.redhat.com/security/data/cve/CVE-2013-5838.html https://www.redhat.com/security/data/cve/CVE-2013-5840.html https://www.redhat.com/security/data/cve/CVE-2013-5842.html https://www.redhat.com/security/data/cve/CVE-2013-5843.html https://www.redhat.com/security/data/cve/CVE-2013-5848.html https://www.redhat.com/security/data/cve/CVE-2013-5849.html https://www.redhat.com/security/data/cve/CVE-2013-5850.html https://www.redhat.com/security/data/cve/CVE-2013-5851.html https://access.redhat.com/security/updates/classification/#critical https://www.ibm.com/developerworks/java/jdk/alerts/ 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFSe8ghXlSAg2UNWIIRAgQCAJ9O3UvBG+vhMICXle9blDKNTBc/OQCfWgVS R6qJKc835R+WrpHDdTVcaWk= =dGn4 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201401-30 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Oracle JRE/JDK: Multiple vulnerabilities Date: January 27, 2014 Bugs: #404071, #421073, #433094, #438706, #451206, #455174, #458444, #460360, #466212, #473830, #473980, #488210, #498148 ID: 201401-30 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in the Oracle JRE/JDK, allowing attackers to cause unspecified impact. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-java/sun-jdk <= 1.6.0.45 Vulnerable! 2 dev-java/oracle-jdk-bin < 1.7.0.51 >= 1.7.0.51 * 3 dev-java/sun-jre-bin <= 1.6.0.45 Vulnerable! 4 dev-java/oracle-jre-bin < 1.7.0.51 >= 1.7.0.51 * 5 app-emulation/emul-linux-x86-java < 1.7.0.51 >= 1.7.0.51 * ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. ------------------------------------------------------------------- NOTE: Packages marked with asterisks require manual intervention! ------------------------------------------------------------------- 5 affected packages Description =========== Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below for details. Impact ====== An unauthenticated, remote attacker could exploit these vulnerabilities to execute arbitrary code. Furthermore, a local or remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code. Workaround ========== There is no known workaround at this time. Resolution ========== All Oracle JDK 1.7 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=dev-java/oracle-jdk-bin-1.7.0.51" All Oracle JRE 1.7 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=dev-java/oracle-jre-bin-1.7.0.51" All users of the precompiled 32-bit Oracle JRE should upgrade to the latest version: # emerge --sync # emerge -a -1 -v ">=app-emulation/emul-linux-x86-java-1.7.0.51" All Sun Microsystems JDK/JRE 1.6 users are suggested to upgrade to one of the newer Oracle packages like dev-java/oracle-jdk-bin or dev-java/oracle-jre-bin or choose another alternative we provide; eg. the IBM JDK/JRE or the open source IcedTea. References ========== [ 1 ] CVE-2011-3563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3563 [ 2 ] CVE-2011-5035 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5035 [ 3 ] CVE-2012-0497 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0497 [ 4 ] CVE-2012-0498 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0498 [ 5 ] CVE-2012-0499 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0499 [ 6 ] CVE-2012-0500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0500 [ 7 ] CVE-2012-0501 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0501 [ 8 ] CVE-2012-0502 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0502 [ 9 ] CVE-2012-0503 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0503 [ 10 ] CVE-2012-0504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0504 [ 11 ] CVE-2012-0505 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0505 [ 12 ] CVE-2012-0506 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0506 [ 13 ] CVE-2012-0507 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0507 [ 14 ] CVE-2012-0547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0547 [ 15 ] CVE-2012-1531 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1531 [ 16 ] CVE-2012-1532 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1532 [ 17 ] CVE-2012-1533 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1533 [ 18 ] CVE-2012-1541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1541 [ 19 ] CVE-2012-1682 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1682 [ 20 ] CVE-2012-1711 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1711 [ 21 ] CVE-2012-1713 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1713 [ 22 ] CVE-2012-1716 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1716 [ 23 ] CVE-2012-1717 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1717 [ 24 ] CVE-2012-1718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1718 [ 25 ] CVE-2012-1719 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1719 [ 26 ] CVE-2012-1721 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1721 [ 27 ] CVE-2012-1722 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1722 [ 28 ] CVE-2012-1723 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1723 [ 29 ] CVE-2012-1724 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1724 [ 30 ] CVE-2012-1725 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1725 [ 31 ] CVE-2012-1726 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1726 [ 32 ] CVE-2012-3136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3136 [ 33 ] CVE-2012-3143 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3143 [ 34 ] CVE-2012-3159 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3159 [ 35 ] CVE-2012-3174 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3174 [ 36 ] CVE-2012-3213 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3213 [ 37 ] CVE-2012-3216 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3216 [ 38 ] CVE-2012-3342 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3342 [ 39 ] CVE-2012-4416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4416 [ 40 ] CVE-2012-4681 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4681 [ 41 ] CVE-2012-5067 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5067 [ 42 ] CVE-2012-5068 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5068 [ 43 ] CVE-2012-5069 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5069 [ 44 ] CVE-2012-5070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5070 [ 45 ] CVE-2012-5071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5071 [ 46 ] CVE-2012-5072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5072 [ 47 ] CVE-2012-5073 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5073 [ 48 ] CVE-2012-5074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5074 [ 49 ] CVE-2012-5075 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5075 [ 50 ] CVE-2012-5076 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5076 [ 51 ] CVE-2012-5077 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5077 [ 52 ] CVE-2012-5079 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5079 [ 53 ] CVE-2012-5081 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5081 [ 54 ] CVE-2012-5083 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5083 [ 55 ] CVE-2012-5084 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5084 [ 56 ] CVE-2012-5085 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5085 [ 57 ] CVE-2012-5086 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5086 [ 58 ] CVE-2012-5087 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5087 [ 59 ] CVE-2012-5088 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5088 [ 60 ] CVE-2012-5089 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5089 [ 61 ] CVE-2013-0169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0169 [ 62 ] CVE-2013-0351 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0351 [ 63 ] CVE-2013-0401 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0401 [ 64 ] CVE-2013-0402 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0402 [ 65 ] CVE-2013-0409 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0409 [ 66 ] CVE-2013-0419 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0419 [ 67 ] CVE-2013-0422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0422 [ 68 ] CVE-2013-0423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0423 [ 69 ] CVE-2013-0430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0430 [ 70 ] CVE-2013-0437 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0437 [ 71 ] CVE-2013-0438 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0438 [ 72 ] CVE-2013-0445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0445 [ 73 ] CVE-2013-0446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0446 [ 74 ] CVE-2013-0448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0448 [ 75 ] CVE-2013-0449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0449 [ 76 ] CVE-2013-0809 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0809 [ 77 ] CVE-2013-1473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1473 [ 78 ] CVE-2013-1479 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1479 [ 79 ] CVE-2013-1481 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1481 [ 80 ] CVE-2013-1484 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1484 [ 81 ] CVE-2013-1485 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1485 [ 82 ] CVE-2013-1486 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1486 [ 83 ] CVE-2013-1487 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1487 [ 84 ] CVE-2013-1488 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1488 [ 85 ] CVE-2013-1491 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1491 [ 86 ] CVE-2013-1493 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1493 [ 87 ] CVE-2013-1500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1500 [ 88 ] CVE-2013-1518 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1518 [ 89 ] CVE-2013-1537 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1537 [ 90 ] CVE-2013-1540 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1540 [ 91 ] CVE-2013-1557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1557 [ 92 ] CVE-2013-1558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1558 [ 93 ] CVE-2013-1561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1561 [ 94 ] CVE-2013-1563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1563 [ 95 ] CVE-2013-1564 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1564 [ 96 ] CVE-2013-1569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1569 [ 97 ] CVE-2013-1571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1571 [ 98 ] CVE-2013-2383 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2383 [ 99 ] CVE-2013-2384 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2384 [ 100 ] CVE-2013-2394 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2394 [ 101 ] CVE-2013-2400 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2400 [ 102 ] CVE-2013-2407 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2407 [ 103 ] CVE-2013-2412 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2412 [ 104 ] CVE-2013-2414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2414 [ 105 ] CVE-2013-2415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2415 [ 106 ] CVE-2013-2416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2416 [ 107 ] CVE-2013-2417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2417 [ 108 ] CVE-2013-2418 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2418 [ 109 ] CVE-2013-2419 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2419 [ 110 ] CVE-2013-2420 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2420 [ 111 ] CVE-2013-2421 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2421 [ 112 ] CVE-2013-2422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2422 [ 113 ] CVE-2013-2423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2423 [ 114 ] CVE-2013-2424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2424 [ 115 ] CVE-2013-2425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2425 [ 116 ] CVE-2013-2426 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2426 [ 117 ] CVE-2013-2427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2427 [ 118 ] CVE-2013-2428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2428 [ 119 ] CVE-2013-2429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2429 [ 120 ] CVE-2013-2430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2430 [ 121 ] CVE-2013-2431 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2431 [ 122 ] CVE-2013-2432 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2432 [ 123 ] CVE-2013-2433 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2433 [ 124 ] CVE-2013-2434 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2434 [ 125 ] CVE-2013-2435 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2435 [ 126 ] CVE-2013-2436 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2436 [ 127 ] CVE-2013-2437 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2437 [ 128 ] CVE-2013-2438 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2438 [ 129 ] CVE-2013-2439 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2439 [ 130 ] CVE-2013-2440 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2440 [ 131 ] CVE-2013-2442 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2442 [ 132 ] CVE-2013-2443 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2443 [ 133 ] CVE-2013-2444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2444 [ 134 ] CVE-2013-2445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2445 [ 135 ] CVE-2013-2446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2446 [ 136 ] CVE-2013-2447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2447 [ 137 ] CVE-2013-2448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2448 [ 138 ] CVE-2013-2449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2449 [ 139 ] CVE-2013-2450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2450 [ 140 ] CVE-2013-2451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2451 [ 141 ] CVE-2013-2452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2452 [ 142 ] CVE-2013-2453 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2453 [ 143 ] CVE-2013-2454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2454 [ 144 ] CVE-2013-2455 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2455 [ 145 ] CVE-2013-2456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2456 [ 146 ] CVE-2013-2457 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2457 [ 147 ] CVE-2013-2458 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2458 [ 148 ] CVE-2013-2459 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2459 [ 149 ] CVE-2013-2460 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2460 [ 150 ] CVE-2013-2461 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2461 [ 151 ] CVE-2013-2462 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2462 [ 152 ] CVE-2013-2463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2463 [ 153 ] CVE-2013-2464 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2464 [ 154 ] CVE-2013-2465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2465 [ 155 ] CVE-2013-2466 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2466 [ 156 ] CVE-2013-2467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2467 [ 157 ] CVE-2013-2468 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2468 [ 158 ] CVE-2013-2469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2469 [ 159 ] CVE-2013-2470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2470 [ 160 ] CVE-2013-2471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2471 [ 161 ] CVE-2013-2472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2472 [ 162 ] CVE-2013-2473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2473 [ 163 ] CVE-2013-3743 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3743 [ 164 ] CVE-2013-3744 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3744 [ 165 ] CVE-2013-3829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3829 [ 166 ] CVE-2013-5772 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5772 [ 167 ] CVE-2013-5774 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5774 [ 168 ] CVE-2013-5775 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5775 [ 169 ] CVE-2013-5776 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5776 [ 170 ] CVE-2013-5777 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5777 [ 171 ] CVE-2013-5778 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5778 [ 172 ] CVE-2013-5780 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5780 [ 173 ] CVE-2013-5782 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5782 [ 174 ] CVE-2013-5783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5783 [ 175 ] CVE-2013-5784 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5784 [ 176 ] CVE-2013-5787 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5787 [ 177 ] CVE-2013-5788 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5788 [ 178 ] CVE-2013-5789 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5789 [ 179 ] CVE-2013-5790 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5790 [ 180 ] CVE-2013-5797 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5797 [ 181 ] CVE-2013-5800 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5800 [ 182 ] CVE-2013-5801 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5801 [ 183 ] CVE-2013-5802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5802 [ 184 ] CVE-2013-5803 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5803 [ 185 ] CVE-2013-5804 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5804 [ 186 ] CVE-2013-5805 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5805 [ 187 ] CVE-2013-5806 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5806 [ 188 ] CVE-2013-5809 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5809 [ 189 ] CVE-2013-5810 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5810 [ 190 ] CVE-2013-5812 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5812 [ 191 ] CVE-2013-5814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5814 [ 192 ] CVE-2013-5817 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5817 [ 193 ] CVE-2013-5818 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5818 [ 194 ] CVE-2013-5819 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5819 [ 195 ] CVE-2013-5820 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5820 [ 196 ] CVE-2013-5823 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5823 [ 197 ] CVE-2013-5824 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5824 [ 198 ] CVE-2013-5825 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5825 [ 199 ] CVE-2013-5829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5829 [ 200 ] CVE-2013-5830 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5830 [ 201 ] CVE-2013-5831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5831 [ 202 ] CVE-2013-5832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5832 [ 203 ] CVE-2013-5838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5838 [ 204 ] CVE-2013-5840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5840 [ 205 ] CVE-2013-5842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5842 [ 206 ] CVE-2013-5843 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5843 [ 207 ] CVE-2013-5844 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5844 [ 208 ] CVE-2013-5846 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5846 [ 209 ] CVE-2013-5848 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5848 [ 210 ] CVE-2013-5849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5849 [ 211 ] CVE-2013-5850 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5850 [ 212 ] CVE-2013-5851 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5851 [ 213 ] CVE-2013-5852 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5852 [ 214 ] CVE-2013-5854 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5854 [ 215 ] CVE-2013-5870 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5870 [ 216 ] CVE-2013-5878 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5878 [ 217 ] CVE-2013-5887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5887 [ 218 ] CVE-2013-5888 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5888 [ 219 ] CVE-2013-5889 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5889 [ 220 ] CVE-2013-5893 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5893 [ 221 ] CVE-2013-5895 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5895 [ 222 ] CVE-2013-5896 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5896 [ 223 ] CVE-2013-5898 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5898 [ 224 ] CVE-2013-5899 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5899 [ 225 ] CVE-2013-5902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5902 [ 226 ] CVE-2013-5904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5904 [ 227 ] CVE-2013-5905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5905 [ 228 ] CVE-2013-5906 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5906 [ 229 ] CVE-2013-5907 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5907 [ 230 ] CVE-2013-5910 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5910 [ 231 ] CVE-2014-0368 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0368 [ 232 ] CVE-2014-0373 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0373 [ 233 ] CVE-2014-0375 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0375 [ 234 ] CVE-2014-0376 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0376 [ 235 ] CVE-2014-0382 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0382 [ 236 ] CVE-2014-0385 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0385 [ 237 ] CVE-2014-0387 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0387 [ 238 ] CVE-2014-0403 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0403 [ 239 ] CVE-2014-0408 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0408 [ 240 ] CVE-2014-0410 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0410 [ 241 ] CVE-2014-0411 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0411 [ 242 ] CVE-2014-0415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0415 [ 243 ] CVE-2014-0416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0416 [ 244 ] CVE-2014-0417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0417 [ 245 ] CVE-2014-0418 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0418 [ 246 ] CVE-2014-0422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0422 [ 247 ] CVE-2014-0423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0423 [ 248 ] CVE-2014-0424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0424 [ 249 ] CVE-2014-0428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0428 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201401-30.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04031205 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04031205 Version: 1 HPSBUX02943 rev.1 - HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2013-12-04 Last Updated: 2013-12-04 Potential Security Impact: Remote unauthorized access, disclosure of information, and other vulnerabilities Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other exploits. SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, and B.11.31 running HP JDK and JRE v6.0.20 and earlier. BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2013-3829 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2013-4002 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2013-5772 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6 CVE-2013-5774 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2013-5776 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2013-5778 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2013-5780 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2013-5782 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-5783 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2013-5784 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2013-5787 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-5789 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-5790 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2013-5797 (AV:N/AC:M/Au:S/C:N/I:P/A:N) 3.5 CVE-2013-5801 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2013-5802 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2013-5803 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6 CVE-2013-5804 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2013-5809 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-5812 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4 CVE-2013-5814 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-5817 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-5818 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2013-5819 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2013-5820 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2013-5823 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2013-5824 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-5825 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2013-5829 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-5830 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-5831 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2013-5840 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2013-5842 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-5843 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2013-5848 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2013-5849 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2013-5852 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided the following Java version upgrade to resolve these vulnerabilities. The upgrade is available from the following location: http://www.hp.com/java OS Version Release Version HP-UX B.11.11, B.11.23, B.11.31 JDK and JRE v6.0.21 or subsequent MANUAL ACTIONS: Yes - Update For Java v6.0 update to Java v6.0.21 or subsequent PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS HP-UX B.11.11 HP-UX B.11.23 =========== Jdk60.JDK60-COM Jdk60.JDK60-PA20 Jdk60.JDK60-PA20W Jre60.JRE60-COM Jre60.JRE60-COM-DOC Jre60.JRE60-PA20 Jre60.JRE60-PA20-HS Jre60.JRE60-PA20W Jre60.JRE60-PA20W-HS Jdk60.JDK60-IPF32 Jdk60.JDK60-IPF64 Jre60.JRE60-COM Jre60.JRE60-IPF32 Jre60.JRE60-IPF32-HS Jre60.JRE60-IPF64 Jre60.JRE60-IPF64-HS action: install revision 1.6.0.21.00 or subsequent HP-UX B.11.23 HP-UX B.11.31 =========== Jdk60.JDK60-COM Jdk60.JDK60-IPF32 Jdk60.JDK60-IPF64 Jre60.JRE60-IPF32 Jre60.JRE60-IPF32-HS Jre60.JRE60-IPF64 Jre60.JRE60-IPF64-HS Jre60.JRE60-COM Jre60.JRE60-IPF32 Jre60.JRE60-IPF32-HS Jre60.JRE60-IPF64 Jre60.JRE60-IPF64-HS action: install revision 1.6.0.21.00 or subsequent END AFFECTED VERSIONS HISTORY Version:1 (rev.1) - 4 December 2013 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2013 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners
var-201912-0592 An input validation issue was addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. An application may be able to gain elevated privileges. Apple From iCloud for Windows An update for has been released.The expected impact depends on each vulnerability, but can be affected as follows: * Arbitrary code execution * Privilege escalation * information leak. plural Apple The product contains an input validation vulnerability due to a flaw in memory handling.You may be able to elevate privileges through the application. SQLite is prone to the following security vulnerabilities. 1. Multiple privilege-escalation vulnerabilities 2. A memory corruption vulnerability 3. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple macOS Mojave is a dedicated operating system developed for Mac computers. SQLite is one of the C-language-based open source embedded relational database management components developed by American software developer D.Richard Hipp. The vulnerability stems from the failure of the network system or product to properly validate the input data. The following products and versions are affected: Apple iOS prior to 12.3; macOS Mojave prior to 10.14.5; tvOS prior to 12.3; Windows-based iCloud prior to 10.4, prior to 7.12; Windows-based iTunes prior to 12.9.5; versions earlier than watchOS 5.2.1. Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-5-13-1 iOS 12.3 iOS 12.3 is now available and addresses the following: AppleFileConduit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8593: Dany Lisiansky (@DanyL931) Contacts Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to read restricted memory Description: An input validation issue was addressed with improved input validation. CVE-2019-8598: Omer Gull of Checkpoint Research CoreAudio Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted movie file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8585: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative Disk Images Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8560: Nikita Pupyshev of Bauman Moscow State Technological University Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A use after free issue was addressed with improved memory management. CVE-2019-8605: Ned Williamson working with Google Project Zero Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8576: Brandon Azad of Google Project Zero, unho Jang and Hanul Choi of LINE Security Team Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to cause unexpected system termination or write kernel memory Description: A type confusion issue was addressed with improved memory handling. CVE-2019-8591: Ned Williamson working with Google Project Zero Lock Screen Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A person with physical access to an iOS device may be able to see the email address used for iTunes Description: A logic issue was addressed with improved restrictions. CVE-2019-8599: Jeremy Peña-Lopez (aka Radio) of the University of North Florida Mail Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted message may lead to a denial of service Description: An input validation issue was addressed with improved input validation. CVE-2019-8626: Natalie Silvanovich of Google Project Zero Mail Message Framework Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A remote attacker may be able to cause arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2019-8613: Natalie Silvanovich of Google Project Zero MobileInstallation Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to modify protected parts of the file system Description: A validation issue existed in the handling of symlinks. CVE-2019-8568: Dany Lisiansky (@DanyL931) MobileLockdown Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to gain root privileges Description: An input validation issue was addressed with improved input validation. CVE-2019-8637: Dany Lisiansky (@DanyL931) Photos Storage Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with additional sandbox restrictions. CVE-2019-8617: an anonymous researcher SQLite Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privileges Description: An input validation issue was addressed with improved memory handling. CVE-2019-8577: Omer Gull of Checkpoint Research SQLite Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A maliciously crafted SQL query may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2019-8600: Omer Gull of Checkpoint Research SQLite Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to read restricted memory Description: An input validation issue was addressed with improved input validation. CVE-2019-8598: Omer Gull of Checkpoint Research SQLite Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed by removing the vulnerable code. CVE-2019-8602: Omer Gull of Checkpoint Research Status Bar Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: The lock screen may show a locked icon after unlocking Description: The issue was addressed with improved UI handling. CVE-2019-8630: Jon M. Morlan StreamingZip Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to modify protected parts of the file system Description: A validation issue existed in the handling of symlinks. CVE-2019-8568: Dany Lisiansky (@DanyL931) sysdiagnose Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8574: Dayton Pidhirney (@_watbulb) of Seekintoo (@seekintoo) WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8607: Junho Jang and Hanul Choi of LINE Security Team WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-6237: G. Geshev working with Trend Micro Zero Day Initiative, Liu Long of Qihoo 360 Vulcan Team CVE-2019-8571: 01 working with Trend Micro's Zero Day Initiative CVE-2019-8583: sakura of Tencent Xuanwu Lab, jessica (@babyjess1ca_) of Tencent Keen Lab, and dwfault working at ADLab of Venustech CVE-2019-8584: G. Geshev of MWR Labs working with Trend Micro Zero Day Initiative CVE-2019-8586: an anonymous researcher CVE-2019-8587: G. Geshev working with Trend Micro Zero Day Initiative CVE-2019-8594: Suyoung Lee and Sooel Son of KAIST Web Security & Privacy Lab and HyungSeok Han and Sang Kil Cha of KAIST SoftSec Lab CVE-2019-8595: G. Geshev from MWR Labs working with Trend Micro Zero Day Initiative CVE-2019-8596: Wen Xu of SSLab at Georgia Tech CVE-2019-8597: 01 working with Trend Micro Zero Day Initiative CVE-2019-8601: Fluoroacetate working with Trend Micro's Zero Day Initiative CVE-2019-8608: G. Geshev working with Trend Micro Zero Day Initiative CVE-2019-8609: Wen Xu of SSLab, Georgia Tech CVE-2019-8610: Anonymous working with Trend Micro Zero Day Initiative CVE-2019-8611: Samuel Groß of Google Project Zero CVE-2019-8615: G. Geshev from MWR Labs working with Trend Micro's Zero Day Initiative CVE-2019-8619: Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab CVE-2019-8622: Samuel Groß of Google Project Zero CVE-2019-8623: Samuel Groß of Google Project Zero CVE-2019-8628: Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab Wi-Fi Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A device may be passively tracked by its WiFi MAC address Description: A user privacy issue was addressed by removing the broadcast MAC address. CVE-2019-8620: David Kreitschmann and Milan Stute of Secure Mobile Networking Lab at Technische Universität Darmstadt Additional recognition Clang We would like to acknowledge Brandon Azad of Google Project Zero for their assistance. CoreFoundation We would like to acknowledge Vozzie and Rami and m4bln, Xiangqian Zhang, Huiming Liu of Tencent's Xuanwu Lab for their assistance. Kernel We would like to acknowledge Brandon Azad of Google Project Zero and an anonymous researcher for their assistance. MediaLibrary We would like to acknowledge Angel Ramirez and Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc. for their assistance. MobileInstallation We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance. Safari We would like to acknowledge Ben Guild (@benguild) for their assistance. Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 12.3". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlzZrUopHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3FJJxAA hLu4GEYEBPNLxDWhh49P7k7pe33N8cguJw2iPt6sYkF9swBwzL1AC1y0WiNJejGT Y0PPMG7evpaEVGQwCZvHarNT4g35OUeHdHy4gYAIPfTY15G25jmELL4YTJutWQ0O z6KseXhEq9EqpHKlsT5Q6QOEoUyXVHan33d+H9+4t/jQHFvDqMmwHWO7bKlYyhWW ctG8jbXSgy/OFjSrmbPhfbBfDXQHah8GsFGJAFtlWk+UtQhXNifJT1tj9XAKDtGK V5EQ/hYkYRyyeNPXLiZ/wn6Jesbg8QIrmZB2RHAl1w8XZZY2Gsd1//dTXqn1LkqK gwOV0+Vs//LJwIqix435KKc0ULMwJjIfKy9whzPyf+4lqcD4kx4OdQrakZz4+L7g 4ZZeeyJ0LFFnO4eavtn6lVrYcTXVhJlRkJ6cWZcf9Dfr28bPTSSHda1Nd9quZFJn QPFt7CHRPL1MelgfDKZNeTy7WUDnoTwbdMZCyd0MszCxCeaSahny7066jmfKyXGI OoQQyyz96OmBABcqG3WeCRSeJ3ymmoy2d+JzjA4boIHo4k+nq5ifKikyI8qiHIBB uS3K3DEzMSj/0u2vNcDMjQ6vogbxeWnK8fxCCxkfedYZEdHg4Oj4lK1HStbhweoJ cB3S2pWUIPt8HRcnbUYgypZ0ZJgtnTom+0mgi3a0+64= =fsAj -----END PGP SIGNATURE-----
var-201910-1485 The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c. tcpdump Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. tcpdump is a set of sniffing tools run under the command line by the Tcpdump team. In addition to persistent storage, Red Hat OpenShift Container Storage provisions a multicloud data management service with an S3 compatible API. These updated images include numerous security fixes, bug fixes, and enhancements. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 1806266 - Require an extension to the cephfs subvolume commands, that can return metadata regarding a subvolume 1813506 - Dockerfile not compatible with docker and buildah 1817438 - OSDs not distributed uniformly across OCS nodes on a 9-node AWS IPI setup 1817850 - [BAREMETAL] rook-ceph-operator does not reconcile when osd deployment is deleted when performed node replacement 1827157 - OSD hitting default CPU limit on AWS i3en.2xlarge instances limiting performance 1829055 - [RFE] add insecureEdgeTerminationPolicy: Redirect to noobaa mgmt route (http to https) 1833153 - add a variable for sleep time of rook operator between checks of downed OSD+Node. 1836299 - NooBaa Operator deploys with HPA that fires maxreplicas alerts by default 1842254 - [NooBaa] Compression stats do not add up when compression id disabled 1845976 - OCS 4.5 Independent mode: must-gather commands fails to collect ceph command outputs from external cluster 1849771 - [RFE] Account created by OBC should have same permissions as bucket owner 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1854500 - [tracker-rhcs bug 1838931] mgr/volumes: add command to return metadata of a subvolume snapshot 1854501 - [Tracker-rhcs bug 1848494 ]pybind/mgr/volumes: Add the ability to keep snapshots of subvolumes independent of the source subvolume 1854503 - [tracker-rhcs-bug 1848503] cephfs: Provide alternatives to increase the total cephfs subvolume snapshot counts to greater than the current 400 across a Cephfs volume 1856953 - CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS 1858195 - [GSS] registry pod stuck in ContainerCreating due to pvc from cephfs storage class fail to mount 1859183 - PV expansion is failing in retry loop in pre-existing PV after upgrade to OCS 4.5 (i.e. if the PV spec does not contain expansion params) 1859229 - Rook should delete extra MON PVCs in case first reconcile takes too long and rook skips "b" and "c" (spawned from Bug 1840084#c14) 1859478 - OCS 4.6 : Upon deployment, CSI Pods in CLBO with error - flag provided but not defined: -metadatastorage 1860022 - OCS 4.6 Deployment: LBP CSV and pod should not be deployed since ob/obc CRDs are owned from OCS 4.5 onwards 1860034 - OCS 4.6 Deployment in ocs-ci : Toolbox pod in ContainerCreationError due to key admin-secret not found 1860670 - OCS 4.5 Uninstall External: Openshift-storage namespace in Terminating state as CephObjectStoreUser had finalizers remaining 1860848 - Add validation for rgw-pool-prefix in the ceph-external-cluster-details-exporter script 1861780 - [Tracker BZ1866386][IBM s390x] Mount Failed for CEPH while running couple of OCS test cases. For the oldstable distribution (stretch), these problems have been fixed in version 4.9.3-1~deb9u1. For the stable distribution (buster), these problems have been fixed in version 4.9.3-1~deb10u1. For the detailed security status of tcpdump please refer to its security tracker page at: https://security-tracker.debian.org/tracker/tcpdump Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl2uIaAACgkQEMKTtsN8 Tjb5ZA/9FxAE0uHVnbXapPaDdrf4JOElV9+iZho4b87YuSXZKch7y/xUtlHMx6Jy 9iYzUd2Cwg0OPRyZii3PjiGSxSrKW9xTYnyfPzI7WdPFWRbeVLw9PKUV9R18fE2u svIuKdeHiJd/MabagWqPffn4ZxgfxlG2Px3xtQhnFchDb7yXAsRUIdWwjIyw1fXR /lRkaehvKkwBHLYtSTnNnMrZyRYNsZBZ6WSeZ5hIFugq9wwWTYXY3vJxR2IUqhq8 veQrHg8DVt58G+GhI7EdmEKB9vJrjtNZBlz8VCiGESxSw/BZjCw2vl20gL2JmV0f 1OA4NaMH7l6Sj2DQDCqHIDN++PGhLkQWUxJHrLV2aqfZ7kn9bxXpX3djUYYjRzpS yaHsAsFOp7zwXkebbvV0dFhjLtst39xRJAEr8dAw6DUmfZqIPazdLv+PGGDpEuuq pcAe6QqrNettT37VCx81PtIQL4BJf1lvTW6VHIwj0MaQ6aFdNImzw/n1ld26ktoV feHER0IM0saIgwj/STOLV1+elNzi9dGdaFArxMRvM/s3fwo8JiYv1qnzfqGtQ6xH 5QwoBwwMZEEkqBvDCTtyFxLgg+Q/iVavwinxIRIb4Ttkr9M+PBL0WldFntlQRrlN SZDCcsvfxjM9aOwNS+tMCoX3CKB7hj94u+ti8MRJCw9I9EOzmZE= =bACv -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update Advisory ID: RHSA-2020:5633-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2020:5633 Issue date: 2021-02-24 CVE Names: CVE-2018-10103 CVE-2018-10105 CVE-2018-14461 CVE-2018-14462 CVE-2018-14463 CVE-2018-14464 CVE-2018-14465 CVE-2018-14466 CVE-2018-14467 CVE-2018-14468 CVE-2018-14469 CVE-2018-14470 CVE-2018-14553 CVE-2018-14879 CVE-2018-14880 CVE-2018-14881 CVE-2018-14882 CVE-2018-16227 CVE-2018-16228 CVE-2018-16229 CVE-2018-16230 CVE-2018-16300 CVE-2018-16451 CVE-2018-16452 CVE-2018-20843 CVE-2019-3884 CVE-2019-5018 CVE-2019-6977 CVE-2019-6978 CVE-2019-8625 CVE-2019-8710 CVE-2019-8720 CVE-2019-8743 CVE-2019-8764 CVE-2019-8766 CVE-2019-8769 CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 CVE-2019-9455 CVE-2019-9458 CVE-2019-11068 CVE-2019-12614 CVE-2019-13050 CVE-2019-13225 CVE-2019-13627 CVE-2019-14889 CVE-2019-15165 CVE-2019-15166 CVE-2019-15903 CVE-2019-15917 CVE-2019-15925 CVE-2019-16167 CVE-2019-16168 CVE-2019-16231 CVE-2019-16233 CVE-2019-16935 CVE-2019-17450 CVE-2019-17546 CVE-2019-18197 CVE-2019-18808 CVE-2019-18809 CVE-2019-19046 CVE-2019-19056 CVE-2019-19062 CVE-2019-19063 CVE-2019-19068 CVE-2019-19072 CVE-2019-19221 CVE-2019-19319 CVE-2019-19332 CVE-2019-19447 CVE-2019-19524 CVE-2019-19533 CVE-2019-19537 CVE-2019-19543 CVE-2019-19602 CVE-2019-19767 CVE-2019-19770 CVE-2019-19906 CVE-2019-19956 CVE-2019-20054 CVE-2019-20218 CVE-2019-20386 CVE-2019-20387 CVE-2019-20388 CVE-2019-20454 CVE-2019-20636 CVE-2019-20807 CVE-2019-20812 CVE-2019-20907 CVE-2019-20916 CVE-2020-0305 CVE-2020-0444 CVE-2020-1716 CVE-2020-1730 CVE-2020-1751 CVE-2020-1752 CVE-2020-1971 CVE-2020-2574 CVE-2020-2752 CVE-2020-2922 CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 CVE-2020-3897 CVE-2020-3898 CVE-2020-3899 CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 CVE-2020-6405 CVE-2020-7595 CVE-2020-7774 CVE-2020-8177 CVE-2020-8492 CVE-2020-8563 CVE-2020-8566 CVE-2020-8619 CVE-2020-8622 CVE-2020-8623 CVE-2020-8624 CVE-2020-8647 CVE-2020-8648 CVE-2020-8649 CVE-2020-9327 CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 CVE-2020-9850 CVE-2020-9862 CVE-2020-9893 CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 CVE-2020-9925 CVE-2020-10018 CVE-2020-10029 CVE-2020-10732 CVE-2020-10749 CVE-2020-10751 CVE-2020-10763 CVE-2020-10773 CVE-2020-10774 CVE-2020-10942 CVE-2020-11565 CVE-2020-11668 CVE-2020-11793 CVE-2020-12465 CVE-2020-12655 CVE-2020-12659 CVE-2020-12770 CVE-2020-12826 CVE-2020-13249 CVE-2020-13630 CVE-2020-13631 CVE-2020-13632 CVE-2020-14019 CVE-2020-14040 CVE-2020-14381 CVE-2020-14382 CVE-2020-14391 CVE-2020-14422 CVE-2020-15157 CVE-2020-15503 CVE-2020-15862 CVE-2020-15999 CVE-2020-16166 CVE-2020-24490 CVE-2020-24659 CVE-2020-25211 CVE-2020-25641 CVE-2020-25658 CVE-2020-25661 CVE-2020-25662 CVE-2020-25681 CVE-2020-25682 CVE-2020-25683 CVE-2020-25684 CVE-2020-25685 CVE-2020-25686 CVE-2020-25687 CVE-2020-25694 CVE-2020-25696 CVE-2020-26160 CVE-2020-27813 CVE-2020-27846 CVE-2020-28362 CVE-2020-29652 CVE-2021-2007 CVE-2021-3121 ===================================================================== 1. Summary: Red Hat OpenShift Container Platform release 4.7.0 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.7.0. See the following advisory for the RPM packages for this release: https://access.redhat.com/errata/RHSA-2020:5634 Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes: https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html You may download the oc tool and use it to inspect release image metadata as follows: (For x86_64 architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.0-x86_64 The image digest is sha256:d74b1cfa81f8c9cc23336aee72d8ae9c9905e62c4874b071317a078c316f8a70 (For s390x architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.0-s390x The image digest is sha256:a68ca03d87496ddfea0ac26b82af77231583a58a7836b95de85efe5e390ad45d (For ppc64le architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.0-ppc64le The image digest is sha256:bc7b04e038c8ff3a33b827f4ee19aa79b26e14c359a7dcc1ced9f3b58e5f1ac6 All OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor. Security Fix(es): * crewjam/saml: authentication bypass in saml authentication (CVE-2020-27846) * golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference (CVE-2020-29652) * gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121) * nodejs-y18n: prototype pollution vulnerability (CVE-2020-7774) * kubernetes: Secret leaks in kube-controller-manager when using vSphere Provider (CVE-2020-8563) * containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters (CVE-2020-10749) * heketi: gluster-block volume password details available in logs (CVE-2020-10763) * golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040) * jwt-go: access restriction bypass vulnerability (CVE-2020-26160) * golang-github-gorilla-websocket: integer overflow leads to denial of service (CVE-2020-27813) * golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: For OpenShift Container Platform 4.7, see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -cli.html. 4. Bugs fixed (https://bugzilla.redhat.com/): 1620608 - Restoring deployment config with history leads to weird state 1752220 - [OVN] Network Policy fails to work when project label gets overwritten 1756096 - Local storage operator should implement must-gather spec 1756173 - /etc/udev/rules.d/66-azure-storage.rules missing from initramfs 1768255 - installer reports 100% complete but failing components 1770017 - Init containers restart when the exited container is removed from node. 1775057 - [MSTR-485] Cluster is abnormal after etcd backup/restore when the backup is conducted during etcd encryption is migrating 1775444 - RFE: k8s cpu manager does not restrict /usr/bin/pod cpuset 1777038 - Cluster scaled beyond host subnet limits does not fire alert or cleanly report why it cannot scale 1777224 - InfraID in metadata.json and .openshift_install_state.json is not consistent when repeating `create` commands 1784298 - "Displaying with reduced resolution due to large dataset." would show under some conditions 1785399 - Under condition of heavy pod creation, creation fails with 'error reserving pod name ...: name is reserved" 1797766 - Resource Requirements" specDescriptor fields - CPU and Memory injects empty string YAML editor 1801089 - [OVN] Installation failed and monitoring pod not created due to some network error. 1805025 - [OSP] Machine status doesn't become "Failed" when creating a machine with invalid image 1805639 - Machine status should be "Failed" when creating a machine with invalid machine configuration 1806000 - CRI-O failing with: error reserving ctr name 1806915 - openshift-service-ca: Some core components are in openshift.io/run-level 1 and are bypassing SCC, but should not be 1806917 - openshift-service-ca-operator: Some core components are in openshift.io/run-level 1 and are bypassing SCC, but should not be 1810438 - Installation logs are not gathered from OCP nodes 1812085 - kubernetes-networking-namespace-pods dashboard doesn't exist 1812412 - Monitoring Dashboard: on restricted cluster, query timed out in expression evaluation 1813012 - EtcdDiscoveryDomain no longer needed 1813949 - openshift-install doesn't use env variables for OS_* for some of API endpoints 1816812 - OpenShift test suites are not resilient to rate limited registries (like docker.io) and cannot control their dependencies for offline use 1819053 - loading OpenAPI spec for "v1beta1.metrics.k8s.io" failed with: OpenAPI spec does not exist 1819457 - Package Server is in 'Cannot update' status despite properly working 1820141 - [RFE] deploy qemu-quest-agent on the nodes 1822744 - OCS Installation CI test flaking 1824038 - Integration Tests: StaleElementReferenceError in OLM single-installmode scenario 1825892 - StorageClasses and PVs are not cleaned completely after running the csi verification tool 1826301 - Wrong NodeStatus reports in file-integrity scan when configuration error in aide.conf file 1829723 - User workload monitoring alerts fire out of the box 1832968 - oc adm catalog mirror does not mirror the index image itself 1833012 - Lower OVNKubernetes HTTP E/W performance compared with OpenShiftSDN 1833220 - CVE-2020-10749 containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters 1834995 - olmFull suite always fails once th suite is run on the same cluster 1836017 - vSphere UPI: Both Internal and External load balancers for kube-apiserver should use /readyz 1837953 - Replacing masters doesn't work for ovn-kubernetes 4.4 1838352 - OperatorExited, Pending marketplace-operator-... pod for several weeks 1838751 - [oVirt][Tracker] Re-enable skipped network tests 1839239 - csi-snapshot-controller flickers Degraded=True on etcd hiccups 1840759 - [aws-ebs-csi-driver] The volume created by aws ebs csi driver can not be deleted when the cluster is destroyed 1841039 - authentication-operator: Add e2e test for password grants to Keycloak being set as OIDC IdP 1841119 - Get rid of config patches and pass flags directly to kcm 1841175 - When an Install Plan gets deleted, OLM does not create a new one 1841381 - Issue with memoryMB validation 1841885 - oc adm catalog mirror command attempts to pull from registry.redhat.io when using --from-dir option 1844727 - Etcd container leaves grep and lsof zombie processes 1845387 - CVE-2020-10763 heketi: gluster-block volume password details available in logs 1847074 - Filter bar layout issues at some screen widths on search page 1848358 - CRDs with preserveUnknownFields:true don't reflect in status that they are non-structural 1849543 - [4.5]kubeletconfig's description will show multiple lines for finalizers when upgrade from 4.4.8->4.5 1851103 - Use of NetworkManager-wait-online.service in rhcos-growpart.service 1851203 - [GSS] [RFE] Need a simpler representation of capactiy breakdown in total usage and per project breakdown in OCS 4 dashboard 1851351 - OCP 4.4.9: EtcdMemberIPMigratorDegraded: rpc error: code = Canceled desc = grpc: the client connection is closing 1851693 - The `oc apply` should return errors instead of hanging there when failing to create the CRD 1852289 - Upgrade testsuite fails on ppc64le environment - Unsupported LoadBalancer service 1853115 - the restriction of --cloud option should be shown in help text. 1853116 - `--to` option does not work with `--credentials-requests` flag. 1853352 - [v2v][UI] Storage Class fields Should Not be empty in VM disks view 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1854567 - "Installed Operators" list showing "duplicated" entries during installation 1855325 - [Feature:Prometheus][Conformance] Prometheus when installed on the cluster [Top Level] [Feature:Prometheus][Conformance] Prometheus when installed on the cluster should report telemetry if a cloud.openshift.com token is present 1855351 - Inconsistent Installer reactions to Ctrl-C during user input process 1855408 - OVN cluster unstable after running minimal scale test 1856351 - Build page should show metrics for when the build ran, not the last 30 minutes 1856354 - New APIServices missing from OpenAPI definitions 1857446 - ARO/Azure: excessive pod memory allocation causes node lockup 1857877 - Operator upgrades can delete existing CSV before completion 1858578 - [v2v] [ui] VM import RHV to CNV Target VM Name longer than 63 chars should not be allowed 1859174 - [IPI][OSP] Having errors from 4.3 to 4.6 about Security group rule already created 1860136 - default ingress does not propagate annotations to route object on update 1860322 - [OCPv4.5.2] after unexpected shutdown one of RHV Hypervisors, OCP worker nodes machine are marked as "Failed" 1860518 - unable to stop a crio pod 1861383 - Route with `haproxy.router.openshift.io/timeout: 365d` kills the ingress controller 1862430 - LSO: PV creation lock should not be acquired in a loop 1862489 - LSO autoprovisioning should exclude top level disks that are part of LVM volume group. 1862608 - Virtual media does not work on hosts using BIOS, only UEFI 1862918 - [v2v] User should only select SRIOV network when importin vm with SRIOV network 1865743 - Some pods are stuck in ContainerCreating and some sdn pods are in CrashLoopBackOff 1865839 - rpm-ostree fails with "System transaction in progress" when moving to kernel-rt 1866043 - Configurable table column headers can be illegible 1866087 - Examining agones helm chart resources results in "Oh no!" 1866261 - Need to indicate the intentional behavior for Ansible in the `create api` help info 1866298 - [RHOCS Usability Study][Installation] Labeling the namespace should be a part of the installation flow or be clearer as a requirement 1866320 - [RHOCS Usability Study][Dashboard] Users were confused by Available Capacity and the Total Capacity 1866334 - [RHOCS Usability Study][Installation] On the Operator installation page, there’s no indication on which labels offer tooltip/help 1866340 - [RHOCS Usability Study][Dashboard] It was not clear why “No persistent storage alerts” was prominently displayed 1866343 - [RHOCS Usability Study][Dashboard] User wanted to know the time frame for Data Consumption, e.g I/O Operations 1866445 - kola --basic-qemu-scenarios scenario fail on ppc64le & s390x 1866482 - Few errors are seen when oc adm must-gather is run 1866605 - No metadata.generation set for build and buildconfig objects 1866873 - MCDDrainError "Drain failed on , updates may be blocked" missing rendered node name 1866901 - Deployment strategy for BMO allows multiple pods to run at the same time 1866925 - openshift-install destroy cluster should fail quickly when provided with invalid credentials on Azure. 1867165 - Cannot assign static address to baremetal install bootstrap vm 1867380 - When using webhooks in OCP 4.5 fails to rollout latest deploymentconfig 1867400 - [OCs 4.5]UI should not allow creation of second storagecluster of different mode in a single OCS 1867477 - HPA monitoring cpu utilization fails for deployments which have init containers 1867518 - [oc] oc should not print so many goroutines when ANY command fails 1867608 - ds/machine-config-daemon takes 100+ minutes to rollout on 250 node cluster 1867965 - OpenShift Console Deployment Edit overwrites deployment yaml 1868004 - opm index add appears to produce image with wrong registry server binary 1868065 - oc -o jsonpath prints possible warning / bug "Unable to decode server response into a Table" 1868104 - Baremetal actuator should not delete Machine objects 1868125 - opm index add is not creating an index with valid images when --permissive flag is added, the index is empty instead 1868384 - CLI does not save login credentials as expected when using the same username in multiple clusters 1868527 - OpenShift Storage using VMWare vSAN receives error "Failed to add disk 'scsi0:2'" when mounted pod is created on separate node 1868645 - After a disaster recovery pods a stuck in "NodeAffinity" state and not running 1868748 - ClusterProvisioningIP in baremetal platform has wrong JSON annotation 1868765 - [vsphere][ci] could not reserve an IP address: no available addresses 1868770 - catalogSource named "redhat-operators" deleted in a disconnected cluster 1868976 - Prometheus error opening query log file on EBS backed PVC 1869293 - The configmap name looks confusing in aide-ds pod logs 1869606 - crio's failing to delete a network namespace 1870337 - [sig-storage] Managed cluster should have no crashlooping recycler pods over four minutes 1870342 - [sig-scheduling] SchedulerPredicates [Serial] validates resource limits of pods that are allowed to run [Conformance] 1870373 - Ingress Operator reports available when DNS fails to provision 1870467 - D/DC Part of Helm / Operator Backed should not have HPA 1870728 - openshift-install creates expired ignition files from stale .openshift_install_state.json 1870800 - [4.6] Managed Column not appearing on Pods Details page 1871170 - e2e tests are needed to validate the functionality of the etcdctl container 1872001 - EtcdDiscoveryDomain no longer needed 1872095 - content are expanded to the whole line when only one column in table on Resource Details page 1872124 - Could not choose device type as "disk" or "part" when create localvolumeset from web console 1872128 - Can't run container with hostPort on ipv6 cluster 1872166 - 'Silences' link redirects to unexpected 'Alerts' view after creating a silence in the Developer perspective 1872251 - [aws-ebs-csi-driver] Verify job in CI doesn't check for vendor dir sanity 1872786 - Rules in kube-apiserver.rules are taking too long and consuming too much memory for Prometheus to evaluate them 1872821 - [DOC] Typo in Ansible Operator Tutorial 1872907 - Fail to create CR from generated Helm Base Operator 1872923 - Click "Cancel" button on the "initialization-resource" creation form page should send users to the "Operator details" page instead of "Install Operator" page (previous page) 1873007 - [downstream] failed to read config when running the operator-sdk in the home path 1873030 - Subscriptions without any candidate operators should cause resolution to fail 1873043 - Bump to latest available 1.19.x k8s 1873114 - Nodes goes into NotReady state (VMware) 1873288 - Changing Cluster-Wide Pull Secret Does Not Trigger Updates In Kubelet Filesystem 1873305 - Failed to power on /inspect node when using Redfish protocol 1873326 - Accessibility - The symbols e.g checkmark in the overview page has no text description, label, or other accessible information 1873480 - Accessibility - No text description, alt text, label, or other accessible information associated with the help icon: “?” button/icon in Developer Console ->Navigation 1873556 - [Openstack] HTTP_PROXY setting for NetworkManager-resolv-prepender not working 1873593 - MCO fails to cope with ContainerRuntimeConfig thas has a name > 63 characters 1874057 - Pod stuck in CreateContainerError - error msg="container_linux.go:348: starting container process caused \"chdir to cwd (\\\"/mount-point\\\") set in config.json failed: permission denied\"" 1874074 - [CNV] Windows 2019 Default Template Not Defaulting to Proper NIC/Storage Driver 1874192 - [RFE] "Create Backing Store" page doesn't allow to select already defined k8s secret as target bucket credentials when Google Cloud Storage is selected as a provider 1874240 - [vsphere] unable to deprovision - Runtime error list attached objects 1874248 - Include validation for vcenter host in the install-config 1874340 - vmware: NodeClockNotSynchronising alert is triggered in openshift cluster after upgrading form 4.4.16 to 4.5.6 1874583 - apiserver tries and fails to log an event when shutting down 1874584 - add retry for etcd errors in kube-apiserver 1874638 - Missing logging for nbctl daemon 1874736 - [downstream] no version info for the helm-operator 1874901 - add utm_source parameter to Red Hat Marketplace URLs for attribution 1874968 - Accessibility: The project selection drop down is a keyboard trap 1875247 - Dependency resolution error "found more than one head for channel" is unhelpful for users 1875516 - disabled scheduling is easy to miss in node page of OCP console 1875598 - machine status is Running for a master node which has been terminated from the console 1875806 - When creating a service of type "LoadBalancer" (Kuryr,OVN) communication through this loadbalancer failes after 2-5 minutes. 1876166 - need to be able to disable kube-apiserver connectivity checks 1876469 - Invalid doc link on yaml template schema description 1876701 - podCount specDescriptor change doesn't take effect on operand details page 1876815 - Installer uses the environment variable OS_CLOUD for manifest generation despite explicit prompt 1876935 - AWS volume snapshot is not deleted after the cluster is destroyed 1877071 - vSphere IPI - Nameserver limits were exceeded, some nameservers have been omitted 1877105 - add redfish to enabled_bios_interfaces 1877116 - e2e aws calico tests fail with `rpc error: code = ResourceExhausted` 1877273 - [OVN] EgressIP cannot fail over to available nodes after one egressIP node shutdown 1877648 - [sriov]VF from allocatable and capacity of node is incorrect when the policy is only 'rootDevices' 1877681 - Manually created PV can not be used 1877693 - dnsrecords specify recordTTL as 30 but the value is null in AWS Route 53 1877740 - RHCOS unable to get ip address during first boot 1877812 - [ROKS] IBM cloud failed to terminate OSDs when upgraded between internal builds of OCS 4.5 1877919 - panic in multus-admission-controller 1877924 - Cannot set BIOS config using Redfish with Dell iDracs 1878022 - Met imagestreamimport error when import the whole image repository 1878086 - OCP 4.6+OCS 4.6(multiple SC) Internal Mode- UI should populate the default "Filesystem Name" instead of providing a textbox, & the name should be validated 1878301 - [4.6] [UI] Unschedulable used to always be displayed when Node is Ready status 1878701 - After deleting and recreating a VM with same name, the VM events contain the events from the old VM 1878766 - CPU consumption on nodes is higher than the CPU count of the node. 1878772 - On the nodes there are up to 547 zombie processes caused by thanos and Prometheus. 1878823 - "oc adm release mirror" generating incomplete imageContentSources when using "--to" and "--to-release-image" 1878845 - 4.5 to 4.6.rc.4 upgrade failure: authentication operator health check connection refused for multitenant mode 1878900 - Installer complains about not enough vcpu for the baremetal flavor where generic bm flavor is being used 1878953 - RBAC error shows when normal user access pvc upload page 1878956 - `oc api-resources` does not include API version 1878972 - oc adm release mirror removes the architecture information 1879013 - [RFE]Improve CD-ROM interface selection 1879056 - UI should allow to change or unset the evictionStrategy 1879057 - [CSI Certificate Test] Test failed for CSI certification tests for CSIdriver openshift-storage.rbd.csi.ceph.com with RWX enabled 1879094 - RHCOS dhcp kernel parameters not working as expected 1879099 - Extra reboot during 4.5 -> 4.6 upgrade 1879244 - Error adding container to network "ipvlan-host-local": "master" field is required 1879248 - OLM Cert Dir for Webhooks does not align SDK/Kubebuilder 1879282 - Update OLM references to point to the OLM's new doc site 1879283 - panic after nil pointer dereference in pkg/daemon/update.go 1879365 - Overlapping, divergent openshift-cluster-storage-operator manifests 1879419 - [RFE]Improve boot source description for 'Container' and ‘URL’ 1879430 - openshift-object-counts quota is not dynamically updating as the resource is deleted. 1879565 - IPv6 installation fails on node-valid-hostname 1879777 - Overlapping, divergent openshift-machine-api namespace manifests 1879878 - Messages flooded in thanos-querier pod- oauth-proxy container: Authorization header does not start with 'Basic', skipping basic authentication in Log message in thanos-querier pod the oauth-proxy 1879930 - Annotations shouldn't be removed during object reconciliation 1879976 - No other channel visible from console 1880068 - image pruner is not aware of image policy annotation, StatefulSets, etc. 1880148 - dns daemonset rolls out slowly in large clusters 1880161 - Actuator Update calls should have fixed retry time 1880259 - additional network + OVN network installation failed 1880389 - Pipeline Runs with skipped Tasks incorrectly show Tasks as "Failed" 1880410 - Convert Pipeline Visualization node to SVG 1880417 - [vmware] Fail to boot with Secure Boot enabled, kernel lockdown denies iopl access to afterburn 1880443 - broken machine pool management on OpenStack 1880450 - Host failed to install because its installation stage joined took longer than expected 20m0s. 1880473 - IBM Cloudpak operators installation stuck "UpgradePending" with InstallPlan status updates failing due to size limitation 1880680 - [4.3] [Tigera plugin] - openshift-kube-proxy fails - Failed to execute iptables-restore: exit status 4 (iptables-restore v1.8.4 (nf_tables) 1880785 - CredentialsRequest missing description in `oc explain` 1880787 - No description for Provisioning CRD for `oc explain` 1880902 - need dnsPlocy set in crd ingresscontrollers 1880913 - [DeScheduler] - change loglevel from Info to Error when priority class given in the descheduler params is not present in the cluster 1881027 - Cluster installation fails at with error : the container name \"assisted-installer\" is already in use 1881046 - [OSP] openstack-cinder-csi-driver-operator doesn't contain required manifests and assets 1881155 - operator install authentication: Authentication require functional ingress which requires at least one schedulable and ready node 1881268 - Image uploading failed but wizard claim the source is available 1881322 - kube-scheduler not scheduling pods for certificates not renewed automatically after nodes restoration 1881347 - [v2v][ui]VM Import Wizard does not call Import provider cleanup 1881881 - unable to specify target port manually resulting in application not reachable 1881898 - misalignment of sub-title in quick start headers 1882022 - [vsphere][ipi] directory path is incomplete, terraform can't find the cluster 1882057 - Not able to select access modes for snapshot and clone 1882140 - No description for spec.kubeletConfig 1882176 - Master recovery instructions don't handle IP change well 1882191 - Installation fails against external resources which lack DNS Subject Alternative Name 1882209 - [ BateMetal IPI ] local coredns resolution not working 1882210 - [release 4.7] insights-operator: Fix bug in reflector not recovering from "Too large resource version" 1882268 - [e2e][automation]Add Integration Test for Snapshots 1882361 - Retrieve and expose the latest report for the cluster 1882485 - dns-node-resolver corrupts /etc/hosts if internal registry is not in use 1882556 - git:// protocol in origin tests is not currently proxied 1882569 - CNO: Replacing masters doesn't work for ovn-kubernetes 4.4 1882608 - Spot instance not getting created on AzureGovCloud 1882630 - Fstype is changed after deleting pv provisioned by localvolumeset instance 1882649 - IPI installer labels all images it uploads into glance as qcow2 1882653 - The Approval should display the Manual after the APPROVAL changed to Manual from the Automatic 1882658 - [RFE] Volume Snapshot is not listed under inventory in Project Details page 1882660 - Operators in a namespace should be installed together when approve one 1882667 - [ovn] br-ex Link not found when scale up RHEL worker 1882723 - [vsphere]Suggested mimimum value for providerspec not working 1882730 - z systems not reporting correct core count in recording rule 1882750 - [sig-api-machinery][Feature:APIServer][Late] kubelet terminates kube-apiserver gracefully 1882781 - nameserver= option to dracut creates extra NM connection profile 1882785 - Multi-Arch CI Jobs destroy libvirt network but occasionally leave it defined 1882844 - [IPI on vsphere] Executing 'openshift-installer destroy cluster' leaves installer tag categories in vsphere 1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability 1883388 - Bare Metal Hosts Details page doesn't show Mainitenance and Power On/Off status 1883422 - operator-sdk cleanup fail after installing operator with "run bundle" without installmode and og with ownnamespace 1883425 - Gather top installplans and their count 1883502 - Logging is broken due to mix of k8s.io/klog v1 and v2 1883523 - [sig-cli] oc adm must-gather runs successfully for audit logs [Suite:openshift/conformance/parallel] 1883538 - must gather report "cannot file manila/aws ebs/ovirt csi related namespaces and objects" error 1883560 - operator-registry image needs clean up in /tmp 1883563 - Creating duplicate namespace from create namespace modal breaks the UI 1883614 - [OCP 4.6] [UI] UI should not describe power cycle as "graceful" 1883642 - [sig-imageregistry][Feature:ImageTriggers][Serial] ImageStream admission TestImageStreamAdmitSpecUpdate 1883660 - e2e-metal-ipi CI job consistently failing on 4.4 1883765 - [user workload monitoring] improve latency of Thanos sidecar when streaming read requests 1883766 - [e2e][automation] Adjust tests for UI changes 1883768 - [user workload monitoring] The Prometheus operator should discard invalid TLS configurations 1883773 - opm alpha bundle build fails on win10 home 1883790 - revert "force cert rotation every couple days for development" in 4.7 1883803 - node pull secret feature is not working as expected 1883836 - Jenkins imagestream ubi8 and nodejs12 update 1883847 - The UI does not show checkbox for enable encryption at rest for OCS 1883853 - go list -m all does not work 1883905 - race condition in opm index add --overwrite-latest 1883946 - Understand why trident CSI pods are getting deleted by OCP 1884035 - Pods are illegally transitioning back to pending 1884041 - e2e should provide error info when minimum number of pods aren't ready in kube-system namespace 1884131 - oauth-proxy repository should run tests 1884165 - Repos should be disabled in -firstboot.service before OS extensions are applied 1884221 - IO becomes unhealthy due to a file change 1884258 - Node network alerts should work on ratio rather than absolute values 1884270 - Git clone does not support SCP-style ssh locations 1884334 - CVO marks an upgrade as failed when an operator takes more than 20 minutes to rollout 1884435 - vsphere - loopback is randomly not being added to resolver 1884565 - oauth-proxy crashes on invalid usage 1884584 - Kuryr controller continuously restarting due to unable to clean up Network Policy 1884613 - Create Instance of Prometheus from operator returns blank page for non cluster-admin users 1884628 - ovs-configuration service fails when the external network is configured on a tagged vlan on top of a bond device on a baremetal IPI deployment 1884629 - Visusally impaired user using screen reader not able to select Admin/Developer console options in drop down menu. 1884632 - Adding BYOK disk encryption through DES 1884654 - Utilization of a VMI is not populated 1884655 - KeyError on self._existing_vifs[port_id] 1884664 - Operator install page shows "installing..." instead of going to install status page 1884672 - Failed to inspect hardware. Reason: unable to start inspection: 'idrac' 1884691 - Installer blocks cloud-credential-operator manual mode on GCP and Azure 1884724 - Quick Start: Serverless quickstart doesn't match Operator install steps 1884739 - Node process segfaulted 1884824 - Update baremetal-operator libraries to k8s 1.19 1885002 - network kube-rbac-proxy scripts crashloop rather than non-crash looping 1885138 - Wrong detection of pending state in VM details 1885151 - [Cloud Team - Cluster API Provider Azure] Logging is broken due to mix of k8s.io/klog v1 and v2 1885165 - NoRunningOvnMaster alert falsely triggered 1885170 - Nil pointer when verifying images 1885173 - [e2e][automation] Add test for next run configuration feature 1885179 - oc image append fails on push (uploading a new layer) 1885213 - Vertical Pod Autoscaler (VPA) not working with DeploymentConfig 1885218 - [e2e][automation] Add virtctl to gating script 1885223 - Sync with upstream (fix panicking cluster-capacity binary) 1885235 - Prometheus: Logging is broken due to mix of k8s.io/klog v1 and v2 1885241 - kube-rbac-proxy: Logging is broken due to mix of k8s.io/klog v1 and v2 1885243 - prometheus-adapter: Logging is broken due to mix of k8s.io/klog v1 and v2 1885244 - prometheus-operator: Logging is broken due to mix of k8s.io/klog v1 and v2 1885246 - cluster-monitoring-operator: Logging is broken due to mix of k8s.io/klog v1 and v2 1885249 - openshift-state-metrics: Logging is broken due to mix of k8s.io/klog v1 and v2 1885308 - Supermicro nodes failed to boot via disk during installation when using IPMI and UEFI 1885315 - unit tests fail on slow disks 1885319 - Remove redundant use of group and kind of DataVolumeTemplate 1885343 - Console doesn't load in iOS Safari when using self-signed certificates 1885344 - 4.7 upgrade - dummy bug for 1880591 1885358 - add p&f configuration to protect openshift traffic 1885365 - MCO does not respect the install section of systemd files when enabling 1885376 - failed to initialize the cluster: Cluster operator marketplace is still updating 1885398 - CSV with only Webhook conversion can't be installed 1885403 - Some OLM events hide the underlying errors 1885414 - Need to disable HTX when not using HTTP/2 in order to preserve HTTP header name case 1885425 - opm index add cannot batch add multiple bundles that use skips 1885543 - node tuning operator builds and installs an unsigned RPM 1885644 - Panic output due to timeouts in openshift-apiserver 1885676 - [OCP 4.7]UI should fallback to minimal deployment only after total CPU < 30 || totalMemory < 72 GiB for initial deployment 1885702 - Cypress: Fix 'aria-hidden-focus' accesibility violations 1885706 - Cypress: Fix 'link-name' accesibility violation 1885761 - DNS fails to resolve in some pods 1885856 - Missing registry v1 protocol usage metric on telemetry 1885864 - Stalld service crashed under the worker node 1885930 - [release 4.7] Collect ServiceAccount statistics 1885940 - kuryr/demo image ping not working 1886007 - upgrade test with service type load balancer will never work 1886022 - Move range allocations to CRD's 1886028 - [BM][IPI] Failed to delete node after scale down 1886111 - UpdatingopenshiftStateMetricsFailed: DeploymentRollout of openshift-monitoring/openshift-state-metrics: got 1 unavailable replicas 1886134 - Need to set GODEBUG=x509ignoreCN=0 in initrd 1886154 - System roles are not present while trying to create new role binding through web console 1886166 - 1885517 Clone - Not needed for 4.7 - upgrade from 4.5->4.6 causes broadcast storm 1886168 - Remove Terminal Option for Windows Nodes 1886200 - greenwave / CVP is failing on bundle validations, cannot stage push 1886229 - Multipath support for RHCOS sysroot 1886294 - Unable to schedule a pod due to Insufficient ephemeral-storage 1886327 - Attempt to add a worker using bad roodDeviceHint: bmh and machine become Provisioned, no error in status 1886353 - [e2e][automation] kubevirt-gating job fails for a missing virtctl URL 1886397 - Move object-enum to console-shared 1886423 - New Affinities don't contain ID until saving 1886435 - Azure UPI uses deprecated command 'group deployment' 1886449 - p&f: add configuration to protect oauth server traffic 1886452 - layout options doesn't gets selected style on click i.e grey background 1886462 - IO doesn't recognize namespaces - 2 resources with the same name in 2 namespaces -> only 1 gets collected 1886488 - move e2e test off of nfs image from docker.io/gmontero/nfs-server:latest 1886524 - Change default terminal command for Windows Pods 1886553 - i/o timeout experienced from build02 when targeting CI test cluster during test execution 1886600 - panic: assignment to entry in nil map 1886620 - Application behind service load balancer with PDB is not disrupted 1886627 - Kube-apiserver pods restarting/reinitializing periodically 1886635 - CVE-2020-8563 kubernetes: Secret leaks in kube-controller-manager when using vSphere Provider 1886636 - Panic in machine-config-operator 1886749 - Removing network policy from namespace causes inability to access pods through loadbalancer. 1886751 - Gather MachineConfigPools 1886766 - PVC dropdown has 'Persistent Volume' Label 1886834 - ovn-cert is mandatory in both master and node daemonsets 1886848 - [OSP] machine instance-state annotation discrepancy with providerStatus.instanceState 1886861 - ordered-values.yaml not honored if values.schema.json provided 1886871 - Neutron ports created for hostNetworking pods 1886890 - Overwrite jenkins-agent-base imagestream 1886900 - Cluster-version operator fills logs with "Manifest: ..." spew 1886922 - [sig-network] pods should successfully create sandboxes by getting pod 1886973 - Local storage operator doesn't include correctly populate LocalVolumeDiscoveryResult in console 1886977 - [v2v]Incorrect VM Provider type displayed in UI while importing VMs through VMIO 1887010 - Imagepruner met error "Job has reached the specified backoff limit" which causes image registry degraded 1887026 - FC volume attach fails with “no fc disk found” error on OCP 4.6 PowerVM cluster 1887040 - [upgrade] ovs pod crash for rhel worker when upgarde from 4.5 to 4.6 1887046 - Event for LSO need update to avoid confusion 1887088 - cluster-node-tuning-operator refers to missing cluster-node-tuned image 1887375 - User should be able to specify volumeMode when creating pvc from web-console 1887380 - Unsupported access mode should not be available to select when creating pvc by aws-ebs-csi-driver(gp2-csi) from web-console 1887392 - openshift-apiserver: delegated authn/z should have ttl > metrics/healthz/readyz/openapi interval 1887428 - oauth-apiserver service should be monitored by prometheus 1887441 - ingress misconfiguration may break authentication but ingress operator keeps reporting "degraded: False" 1887454 - [sig-storage] In-tree Volumes [Driver: azure-disk] [Testpattern: Dynamic PV (ext4)] volumes should store data 1887456 - It is impossible to attach the default NIC to a bridge with the latest version of OVN Kubernetes 1887465 - Deleted project is still referenced 1887472 - unable to edit application group for KSVC via gestures (shift+Drag) 1887488 - OCP 4.6: Topology Manager OpenShift E2E test fails: gu workload attached to SRIOV networks should let resource-aligned PODs have working SRIOV network interface 1887509 - Openshift-tests conformance TopologyManager tests run when Machine Config Operator is not installed on cluster 1887525 - Failures to set master HardwareDetails cannot easily be debugged 1887545 - 4.5 to 4.6 upgrade fails when external network is configured on a bond device: ovs-configuration service fails and node becomes unreachable 1887585 - ovn-masters stuck in crashloop after scale test 1887651 - [Internal Mode] Object gateway (RGW) in unknown state after OCP upgrade. 1887737 - Test TestImageRegistryRemovedWithImages is failing on e2e-vsphere-operator 1887740 - cannot install descheduler operator after uninstalling it 1887745 - API server is throwing 5xx error code for 42.11% of requests for LIST events 1887750 - `oc explain localvolumediscovery` returns empty description 1887751 - `oc explain localvolumediscoveryresult` returns empty description 1887778 - Add ContainerRuntimeConfig gatherer 1887783 - PVC upload cannot continue after approve the certificate 1887797 - [CNV][V2V] Default network type is bridge for interface bound to POD network in VMWare migration wizard 1887799 - User workload monitoring prometheus-config-reloader OOM 1887850 - [sig-auth][Feature:SCC][Early] should not have pod creation failures during install test is flaky 1887863 - Installer panics on invalid flavor 1887864 - Clean up dependencies to avoid invalid scan flagging 1887934 - TestForwardedHeaderPolicyAppend, TestForwardedHeaderPolicyReplace, and TestForwardedHeaderPolicyIfNone consistently fail because of case-sensitive comparison 1887936 - Kube-scheduler should be able to parse v1beta1 KubeSchedulerConfig 1888015 - workaround kubelet graceful termination of static pods bug 1888028 - prevent extra cycle in aggregated apiservers 1888036 - Operator details shows old CRD versions 1888041 - non-terminating pods are going from running to pending 1888072 - Setting Supermicro node to PXE boot via Redfish doesn't take affect 1888073 - Operator controller continuously busy looping 1888118 - Memory requests not specified for image registry operator 1888150 - Install Operand Form on OperatorHub is displaying unformatted text 1888172 - PR 209 didn't update the sample archive, but machineset and pdbs are now namespaced 1888227 - Failed to deploy some of container image on the recent OCP 4.6 nightly build 1888292 - Fix CVE-2015-7501 affecting agent-maven-3.5 1888311 - p&f: make SAR traffic from oauth and openshift apiserver exempt 1888363 - namespaces crash in dev 1888378 - [IPI on Azure] errors destroying cluster when Azure resource group was never created 1888381 - instance:node_network_receive_bytes_excluding_lo:rate1m value twice expected 1888464 - installer missing permission definitions for TagResources and UntagResources when installing in existing VPC 1888494 - imagepruner pod is error when image registry storage is not configured 1888565 - [OSP] machine-config-daemon-firstboot.service failed with "error reading osImageURL from rpm-ostree" 1888595 - cluster-policy-controller logs shows error which reads initial monitor sync has error 1888601 - The poddisruptionbudgets is using the operator service account, instead of gather 1888657 - oc doesn't know its name 1888663 - sdn starts after kube-apiserver, delay readyz until oauth-apiserver is reachable 1888671 - Document the Cloud Provider's ignore-volume-az setting 1888738 - quay.io/openshift/origin-must-gather:latest is not a multi-arch, manifest-list image 1888763 - at least one of these parameters (Vendor, DeviceID or PfNames) has to be defined in nicSelector in CR %s", cr.GetName() 1888827 - ovnkube-master may segfault when trying to add IPs to a nil address set 1888861 - need to pass dual-stack service CIDRs to kube-apiserver in dual-stack cluster 1888866 - AggregatedAPIDown permanently firing after removing APIService 1888870 - JS error when using autocomplete in YAML editor 1888874 - hover message are not shown for some properties 1888900 - align plugins versions 1888985 - Cypress: Fix 'Ensures buttons have discernible text' accesibility violation 1889213 - The error message of uploading failure is not clear enough 1889267 - Increase the time out for creating template and upload image in the terraform 1889348 - Project link should be removed from Application Details page, since it is inaccurate (Application Stages) 1889374 - Kiali feature won't work on fresh 4.6 cluster 1889388 - ListBundles returns incorrect replaces/skips when bundles have been added via semver-skippatch mode 1889420 - OCP failed to add vsphere disk when pod moved to new node during cluster upgrade 1889515 - Accessibility - The symbols e.g checkmark in the Node > overview page has no text description, label, or other accessible information 1889529 - [Init-CR annotation] Inline alert shows operand instance was needed still appearing after creating an Operand instance 1889540 - [4.5 upgrade][alert]CloudCredentialOperatorDown 1889577 - Resources are not shown on project workloads page 1889620 - [Azure] - Machineset not scaling when publicIP:true in disconnected Azure enviroment 1889630 - Scheduling disabled popovers are missing for Node status in Node Overview and Details pages 1889692 - Selected Capacity is showing wrong size 1889694 - usbguard fails to install as RHCOS extension due to missing libprotobuf.so.15 1889698 - When the user clicked cancel at the Create Storage Class confirmation dialog all the data from the Local volume set goes off 1889710 - Prometheus metrics on disk take more space compared to OCP 4.5 1889721 - opm index add semver-skippatch mode does not respect prerelease versions 1889724 - When LocalVolumeDiscovery CR is created form the LSO page User doesn't see the Disk tab 1889767 - [vsphere] Remove certificate from upi-installer image 1889779 - error when destroying a vSphere installation that failed early 1889787 - OCP is flooding the oVirt engine with auth errors 1889838 - race in Operator update after fix from bz1888073 1889852 - support new AWS regions ap-east-1, af-south-1, eu-south-1 1889863 - Router prints incorrect log message for namespace label selector 1889891 - Backport timecache LRU fix 1889912 - Drains can cause high CPU usage 1889921 - Reported Degraded=False Available=False pair does not make sense 1889928 - [e2e][automation] Add more tests for golden os 1889943 - EgressNetworkPolicy does not work when setting Allow rule to a dnsName 1890038 - Infrastructure status.platform not migrated to status.platformStatus causes warnings 1890074 - MCO extension kernel-headers is invalid 1890104 - with Serverless 1.10 version of trigger/subscription/channel/IMC is V1 as latest 1890130 - multitenant mode consistently fails CI 1890141 - move off docker.io images for build/image-eco/templates/jenkins e2e 1890145 - The mismatched of font size for Status Ready and Health Check secondary text 1890180 - FieldDependency x-descriptor doesn't support non-sibling fields 1890182 - DaemonSet with existing owner garbage collected 1890228 - AWS: destroy stuck on route53 hosted zone not found 1890235 - e2e: update Protractor's checkErrors logging 1890250 - workers may fail to join the cluster during an update from 4.5 1890256 - Replacing a master node on a baremetal IPI deployment gets stuck when deleting the machine of the unhealthy member 1890270 - External IP doesn't work if the IP address is not assigned to a node 1890361 - s390x: Generate new ostree rpm with fix for rootfs immutability 1890456 - [vsphere] mapi_instance_create_failed doesn't work on vsphere 1890467 - unable to edit an application without a service 1890472 - [Kuryr] Bulk port creation exception not completely formatted 1890494 - Error assigning Egress IP on GCP 1890530 - cluster-policy-controller doesn't gracefully terminate 1890630 - [Kuryr] Available port count not correctly calculated for alerts 1890671 - [SA] verify-image-signature using service account does not work 1890677 - 'oc image info' claims 'does not exist' for application/vnd.oci.image.manifest.v1+json manifest 1890808 - New etcd alerts need to be added to the monitoring stack 1890951 - Mirror of multiarch images together with cluster logging case problems. It doesn't sync the "overall" sha it syncs only the sub arch sha. 1890984 - Rename operator-webhook-config to sriov-operator-webhook-config 1890995 - wew-app should provide more insight into why image deployment failed 1891023 - ovn-kubernetes rbac proxy never starts waiting for an incorrect API call 1891047 - Helm chart fails to install using developer console because of TLS certificate error 1891068 - [sig-instrumentation] Prometheus when installed on the cluster shouldn't report any alerts in firing state apart from Watchdog and AlertmanagerReceiversNotConfigured [Early] failing due to TargetDown alert from kube-scheduler 1891080 - [LSO] When Localvolumeset and SC is already created before OCS install Creation of LVD and LVS is skipped when user click created storage cluster from UI 1891108 - p&f: Increase the concurrency share of workload-low priority level 1891143 - CVO deadlocked while shutting down, shortly after fresh cluster install (metrics goroutine) 1891189 - [LSO] max device limit is accepting negative values. PVC is not getting created and no error is shown 1891314 - Display incompatible helm charts for installation (kubeVersion of cluster doesn't meet requirements of chart) 1891362 - Wrong metrics count for openshift_build_result_total 1891368 - fync should be fsync for etcdHighFsyncDurations alert's annotations.message 1891374 - fync should be fsync for etcdHighFsyncDurations critical alert's annotations.message 1891376 - Extra text in Cluster Utilization charts 1891419 - Wrong detail head on network policy detail page. 1891459 - Snapshot tests should report stderr of failed commands 1891498 - Other machine config pools do not show during update 1891543 - OpenShift 4.6/OSP install fails when node flavor has less than 25GB, even with dedicated storage 1891551 - Clusterautoscaler doesn't scale up as expected 1891552 - Handle missing labels as empty. 1891555 - The windows oc.exe binary does not have version metadata 1891559 - kuryr-cni cannot start new thread 1891614 - [mlx] testpmd fails inside OpenShift pod using DevX version 19.11 1891625 - [Release 4.7] Mutable LoadBalancer Scope 1891702 - installer get pending when additionalTrustBundle is added into install-config.yaml 1891716 - OVN cluster upgrade from 4.6.1 to 4.7 fails 1891740 - OperatorStatusChanged is noisy 1891758 - the authentication operator may spam DeploymentUpdated event endlessly 1891759 - Dockerfile builds cannot change /etc/pki/ca-trust 1891816 - [UPI] [OSP] control-plane.yml provisioning playbook fails on OSP 16.1 1891825 - Error message not very informative in case of mode mismatch 1891898 - The ClusterServiceVersion can define Webhooks that cannot be created. 1891951 - UI should show warning while creating pools with compression on 1891952 - [Release 4.7] Apps Domain Enhancement 1891993 - 4.5 to 4.6 upgrade doesn't remove deployments created by marketplace 1891995 - OperatorHub displaying old content 1891999 - Storage efficiency card showing wrong compression ratio 1892004 - OCP 4.6 opm on Ubuntu 18.04.4 - error /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.28' not found (required by ./opm) 1892167 - [SR-IOV] SriovNetworkNodePolicies apply ignoring the spec.nodeSelector. 1892198 - TypeError in 'Performance Profile' tab displayed for 'Performance Addon Operator' 1892288 - assisted install workflow creates excessive control-plane disruption 1892338 - HAProxyReloadFail alert only briefly fires in the event of a broken HAProxy config 1892358 - [e2e][automation] update feature gate for kubevirt-gating job 1892376 - Deleted netnamespace could not be re-created 1892390 - TestOverwrite/OverwriteBundle/DefaultBehavior in operator-registry is flaky 1892393 - TestListPackages is flaky 1892448 - MCDPivotError alert/metric missing 1892457 - NTO-shipped stalld needs to use FIFO for boosting. 1892467 - linuxptp-daemon crash 1892521 - [AWS] Startup bootstrap machine failed due to ignition file is missing in disconnected UPI env 1892653 - User is unable to create KafkaSource with v1beta 1892724 - VFS added to the list of devices of the nodeptpdevice CRD 1892799 - Mounting additionalTrustBundle in the operator 1893117 - Maintenance mode on vSphere blocks installation. 1893351 - TLS secrets are not able to edit on console. 1893362 - The ovs-xxxxx_openshift-sdn container does not terminate gracefully, slowing down reboots 1893386 - false-positive ReadyIngressNodes_NoReadyIngressNodes: Auth operator makes risky "worker" assumption when guessing about ingress availability 1893546 - Deploy using virtual media fails on node cleaning step 1893601 - overview filesystem utilization of OCP is showing the wrong values 1893645 - oc describe route SIGSEGV 1893648 - Ironic image building process is not compatible with UEFI secure boot 1893724 - OperatorHub generates incorrect RBAC 1893739 - Force deletion doesn't work for snapshots if snapshotclass is already deleted 1893776 - No useful metrics for image pull time available, making debugging issues there impossible 1893798 - Lots of error messages starting with "get namespace to enqueue Alertmanager instances failed" in the logs of prometheus-operator 1893832 - ErrorCount field is missing in baremetalhosts.metal3.io CRD 1893889 - disabled dropdown items in the pf dropdown component are skipped over and unannounced by JAWS 1893926 - Some "Dynamic PV (block volmode)" pattern storage e2e tests are wrongly skipped 1893944 - Wrong product name for Multicloud Object Gateway 1893953 - (release-4.7) Gather default StatefulSet configs 1893956 - Installation always fails at "failed to initialize the cluster: Cluster operator image-registry is still updating" 1893963 - [Testday] Workloads-> Virtualization is not loading for Firefox browser 1893972 - Should skip e2e test cases as early as possible 1894013 - [v2v][Testday] VMware to CNV VM import]VMware URL: It is not clear that only the FQDN/IP address is required without 'https://' 1894020 - User with edit users cannot deploy images from their own namespace from the developer perspective 1894025 - OCP 4.5 to 4.6 upgrade for "aws-ebs-csi-driver-operator" fails when "defaultNodeSelector" is set 1894041 - [v2v][[Testday]VM import from VMware/RHV] VM import wizard: The target storage class name is not displayed if default storage class is used. 1894065 - tag new packages to enable TLS support 1894110 - Console shows wrong value for maxUnavailable and maxSurge when set to 0 1894144 - CI runs of baremetal IPI are failing due to newer libvirt libraries 1894146 - ironic-api used by metal3 is over provisioned and consumes a lot of RAM 1894194 - KuryrPorts leftovers from 4.6 GA need to be deleted 1894210 - Failed to encrypt OSDs on OCS4.6 installation (via UI) 1894216 - Improve OpenShift Web Console availability 1894275 - Fix CRO owners file to reflect node owner 1894278 - "database is locked" error when adding bundle to index image 1894330 - upgrade channels needs to be updated for 4.7 1894342 - oauth-apiserver logs many "[SHOULD NOT HAPPEN] failed to update managedFields for ... OAuthClient ... no corresponding type for oauth.openshift.io/v1, Kind=OAuthClient" 1894374 - Dont prevent the user from uploading a file with incorrect extension 1894432 - [oVirt] sometimes installer timeout on tmp_import_vm 1894477 - bash syntax error in nodeip-configuration.service 1894503 - add automated test for Polarion CNV-5045 1894519 - [OSP] External mode cluster creation disabled for Openstack and oVirt platform 1894539 - [on-prem] Unable to deploy additional machinesets on separate subnets 1894645 - Cinder volume provisioning crashes on nil cloud provider 1894677 - image-pruner job is panicking: klog stack 1894810 - Remove TechPreview Badge from Eventing in Serverless version 1.11.0 1894860 - 'backend' CI job passing despite failing tests 1894910 - Update the node to use the real-time kernel fails 1894992 - All nightly jobs for e2e-metal-ipi failing due to ipa image missing tenacity package 1895065 - Schema / Samples / Snippets Tabs are all selected at the same time 1895099 - vsphere-upi and vsphere-upi-serial jobs time out waiting for bootstrap to complete in CI 1895141 - panic in service-ca injector 1895147 - Remove memory limits on openshift-dns 1895169 - VM Template does not properly manage Mount Windows guest tools check box during VM creation 1895268 - The bundleAPIs should NOT be empty 1895309 - [OCP v47] The RHEL node scaleup fails due to "No package matching 'cri-o-1.19.*' found available" on OCP 4.7 cluster 1895329 - The infra index filled with warnings "WARNING: kubernetes.io/cinder built-in volume provider is now deprecated. The Cinder volume provider is deprecated and will be removed in a future release" 1895360 - Machine Config Daemon removes a file although its defined in the dropin 1895367 - Missing image in metadata DB index.db in disconnected Operator Hub installation. OCP 4.6.1 1895372 - Web console going blank after selecting any operator to install from OperatorHub 1895385 - Revert KUBELET_LOG_LEVEL back to level 3 1895423 - unable to edit an application with a custom builder image 1895430 - unable to edit custom template application 1895509 - Backup taken on one master cannot be restored on other masters 1895537 - [sig-imageregistry][Feature:ImageExtract] Image extract should extract content from an image 1895838 - oc explain description contains '/' 1895908 - "virtio" option is not available when modifying a CD-ROM to disk type 1895909 - e2e-metal-ipi-ovn-dualstack is failing 1895919 - NTO fails to load kernel modules 1895959 - configuring webhook token authentication should prevent cluster upgrades 1895979 - Unable to get coreos-installer with --copy-network to work 1896101 - [cnv][automation] Added negative tests for migration from VMWare and RHV 1896160 - CI: Some cluster operators are not ready: marketplace (missing: Degraded) 1896188 - [sig-cli] oc debug deployment configs from a build: local-busybox-1-build not completed 1896218 - Occasional GCP install failures: Error setting IAM policy for project ...: googleapi: Error 400: Service account ... does not exist., badRequest 1896229 - Current Rate of Bytes Received and Current Rate of Bytes Transmitted data can not be loaded 1896244 - Found a panic in storage e2e test 1896296 - Git links should avoid .git as part of the URL and should not link git:// urls in general 1896302 - [e2e][automation] Fix 4.6 test failures 1896365 - [Migration]The SDN migration cannot revert under some conditions 1896384 - [ovirt IPI]: local coredns resolution not working 1896446 - Git clone from private repository fails after upgrade OCP 4.5 to 4.6 1896529 - Incorrect instructions in the Serverless operator and application quick starts 1896645 - documentationBaseURL needs to be updated for 4.7 1896697 - [Descheduler] policy.yaml param in cluster configmap is empty 1896704 - Machine API components should honour cluster wide proxy settings 1896732 - "Attach to Virtual Machine OS" button should not be visible on old clusters 1896866 - File /etc/NetworkManager/system-connections/default_connection.nmconnection is incompatible with SR-IOV operator 1896898 - ovs-configuration.service fails when multiple IPv6 default routes are provided via RAs over the same interface and deployment bootstrap fails 1896918 - start creating new-style Secrets for AWS 1896923 - DNS pod /metrics exposed on anonymous http port 1896977 - route SimpleAllocationPlugin: host name validation errors: spec.host: Invalid value: ... must be no more than 63 characters 1897003 - VNC console cannot be connected after visit it in new window 1897008 - Cypress: reenable check for 'aria-hidden-focus' rule & checkA11y test for modals 1897026 - [Migration] With updating optional network operator configuration, migration stucks on MCO 1897039 - router pod keeps printing log: template "msg"="router reloaded" "output"="[WARNING] 316/065823 (15) : parsing [/var/lib/haproxy/conf/haproxy.config:52]: option 'http-use-htx' is deprecated and ignored 1897050 - [IBM Power] LocalVolumeSet provisions boot partition as PV. 1897073 - [OCP 4.5] wrong netid assigned to Openshift projects/namespaces 1897138 - oVirt provider uses depricated cluster-api project 1897142 - When scaling replicas to zero, Octavia loadbalancer pool members are not updated accordingly 1897252 - Firing alerts are not showing up in console UI after cluster is up for some time 1897354 - Operator installation showing success, but Provided APIs are missing 1897361 - The MCO GCP-OP tests fail consistently on containerruntime tests with "connection refused" 1897412 - [sriov]disableDrain did not be updated in CRD of manifest 1897423 - Max unavailable and Max surge value are not shown on Deployment Config Details page 1897516 - Baremetal IPI deployment with IPv6 control plane fails when the nodes obtain both SLAAC and DHCPv6 addresses as they set their hostname to 'localhost' 1897520 - After restarting nodes the image-registry co is in degraded true state. 1897584 - Add casc plugins 1897603 - Cinder volume attachment detection failure in Kubelet 1897604 - Machine API deployment fails: Kube-Controller-Manager can't reach API: "Unauthorized" 1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1897641 - Baremetal IPI with IPv6 control plane: nodes respond with duplicate packets to ICMP6 echo requests 1897676 - [CI] [Azure] [UPI] CI failing since 4.6 changes in ignition 1897830 - [GSS] Unable to deploy OCS 4.5.2 on OCP 4.6.1, cannot `Create OCS Cluster Service` 1897891 - [RFE][v2v][UI][CNV VM import] Providing error message or/and block migration when vddk-init-image is missing 1897897 - ptp lose sync openshift 4.6 1898036 - no network after reboot (IPI) 1898045 - AWS EBS CSI Driver can not get updated cloud credential secret automatically 1898097 - mDNS floods the baremetal network 1898118 - Lack of logs on some image stream tests make hard to find root cause of a problem 1898134 - Descheduler logs show absolute values instead of percentage when LowNodeUtilization strategy is applied 1898159 - kcm operator shall pass --allocate-node-cidrs=false to kcm for ovn-kube and openshift-sdn cluster 1898174 - [OVN] EgressIP does not guard against node IP assignment 1898194 - GCP: can't install on custom machine types 1898238 - Installer validations allow same floating IP for API and Ingress 1898268 - [OVN]: `make check` broken on 4.6 1898289 - E2E test: Use KUBEADM_PASSWORD_FILE by default 1898320 - Incorrect Apostrophe Translation of "it's" in Scheduling Disabled Popover 1898357 - Within the operatorhub details view, long unbroken text strings do not wrap cause breaking display. 1898407 - [Deployment timing regression] Deployment takes longer with 4.7 1898417 - GCP: the dns targets in Google Cloud DNS is not updated after recreating loadbalancer service 1898487 - [oVirt] Node is not removed when VM has been removed from oVirt engine 1898500 - Failure to upgrade operator when a Service is included in a Bundle 1898517 - Ironic auto-discovery may result in rogue nodes registered in ironic 1898532 - Display names defined in specDescriptors not respected 1898580 - When adding more than one node selector to the sriovnetworknodepolicy, the cni and the device plugin pods are constantly rebooted 1898613 - Whereabouts should exclude IPv6 ranges 1898655 - [oVirt] Node deleted in oVirt should cause the Machine to go into a Failed phase 1898679 - Operand creation form - Required "type: object" properties (Accordion component) are missing red asterisk 1898680 - CVE-2020-7774 nodejs-y18n: prototype pollution vulnerability 1898745 - installation failing with CVO reporting openshift-samples not rolled out, samples not setting versions in its ClusterOperator 1898839 - Wrong YAML in operator metadata 1898851 - Multiple Pods access the same volume on the same node e2e test cases are missed from aws ebs csi driver e2e test job 1898873 - Remove TechPreview Badge from Monitoring 1898954 - Backup script does not take /etc/kubernetes/static-pod-resources on a reliable way 1899111 - [RFE] Update jenkins-maven-agen to maven36 1899128 - VMI details screen -> show the warning that it is preferable to have a VM only if the VM actually does not exist 1899175 - bump the RHCOS boot images for 4.7 1899198 - Use new packages for ipa ramdisks 1899200 - In Installed Operators page I cannot search for an Operator by it's name 1899220 - Support AWS IMDSv2 1899350 - configure-ovs.sh doesn't configure bonding options 1899433 - When Creating OCS from ocs wizard Step Discover Disks shows Error "An error occurred Not Found" 1899459 - Failed to start monitoring pods once the operator removed from override list of CVO 1899515 - Passthrough credentials are not immediately re-distributed on update 1899575 - update discovery burst to reflect lots of CRDs on openshift clusters 1899582 - update discovery burst to reflect lots of CRDs on openshift clusters 1899588 - Operator objects are re-created after all other associated resources have been deleted 1899600 - Increased etcd fsync latency as of OCP 4.6 1899603 - workers-rhel7 CI jobs failing: Failed to remove rollback: error running rpm-ostree cleanup 1899627 - Project dashboard Active status using small icon 1899725 - Pods table does not wrap well with quick start sidebar open 1899746 - [ovn] error while waiting on flows for pod: OVS sandbox port is no longer active (probably due to a subsequent CNI ADD) 1899760 - etcd_request_duration_seconds_bucket metric has excessive cardinality 1899835 - catalog-operator repeatedly crashes with "runtime error: index out of range [0] with length 0" 1899839 - thanosRuler.resources.requests does not take effect in user-workload-monitoring-config confimap 1899853 - additionalSecurityGroupIDs not working for master nodes 1899922 - NP changes sometimes influence new pods. 1899949 - [Platform] Remove restriction on disk type selection for LocalVolumeSet 1900008 - Fix internationalized sentence fragments in ImageSearch.tsx 1900010 - Fix internationalized sentence fragments in BuildImageSelector.tsx 1900020 - Remove &apos; from internationalized keys 1900022 - Search Page - Top labels field is not applied to selected Pipeline resources 1900030 - disruption_tests: [sig-imageregistry] Image registry remain available failing consistently 1900126 - Creating a VM results in suggestion to create a default storage class when one already exists 1900138 - [OCP on RHV] Remove insecure mode from the installer 1900196 - stalld is not restarted after crash 1900239 - Skip "subPath should be able to unmount" NFS test 1900322 - metal3 pod's toleration for key: node-role.kubernetes.io/master currently matches on exact value matches but should match on Exists 1900377 - [e2e][automation] create new css selector for active users 1900496 - (release-4.7) Collect spec config for clusteroperator resources 1900672 - (s390x) Upgrade from old LUKS to new not working with DASD disks 1900699 - Impossible to add new Node on OCP 4.6 using large ECKD disks - fdasd issue 1900759 - include qemu-guest-agent by default 1900790 - Track all resource counts via telemetry 1900835 - Multus errors when cachefile is not found 1900935 - `oc adm release mirror` panic panic: runtime error 1900989 - accessing the route cannot wake up the idled resources 1901040 - When scaling down the status of the node is stuck on deleting 1901057 - authentication operator health check failed when installing a cluster behind proxy 1901107 - pod donut shows incorrect information 1901111 - Installer dependencies are broken 1901200 - linuxptp-daemon crash when enable debug log level 1901301 - CBO should handle platform=BM without provisioning CR 1901355 - [Azure][4.7] Invalid vm size from customized compute nodes does not fail properly 1901363 - High Podready Latency due to timed out waiting for annotations 1901373 - redundant bracket on snapshot restore button 1901376 - [on-prem] Upgrade from 4.6 to 4.7 failed with "timed out waiting for the condition during waitForControllerConfigToBeCompleted: controllerconfig is not completed: ControllerConfig has not completed: completed(false) running(false) failing(true" 1901395 - "Edit virtual machine template" action link should be removed 1901472 - [OSP] Bootstrap and master nodes use different keepalived unicast setting 1901517 - RHCOS 4.6.1 uses a single NetworkManager connection for multiple NICs when using default DHCP 1901531 - Console returns a blank page while trying to create an operator Custom CR with Invalid Schema 1901594 - Kubernetes resource CRUD operations.Kubernetes resource CRUD operations Pod "before all" hook for "creates the resource instance" 1901604 - CNO blocks editing Kuryr options 1901675 - [sig-network] multicast when using one of the plugins 'redhat/openshift-ovs-multitenant, redhat/openshift-ovs-networkpolicy' should allow multicast traffic in namespaces where it is enabled 1901909 - The device plugin pods / cni pod are restarted every 5 minutes 1901982 - [sig-builds][Feature:Builds] build can reference a cluster service with a build being created from new-build should be able to run a build that references a cluster service 1902019 - when podTopologySpreadConstraint strategy is enabled for descheduler it throws error 1902059 - Wire a real signer for service accout issuer 1902091 - `cluster-image-registry-operator` pod leaves connections open when fails connecting S3 storage 1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service 1902157 - The DaemonSet machine-api-termination-handler couldn't allocate Pod 1902253 - MHC status doesnt set RemediationsAllowed = 0 1902299 - Failed to mirror operator catalog - error: destination registry required 1902545 - Cinder csi driver node pod should add nodeSelector for Linux 1902546 - Cinder csi driver node pod doesn't run on master node 1902547 - Cinder csi driver controller pod doesn't run on master node 1902552 - Cinder csi driver does not use the downstream images 1902595 - Project workloads list view doesn't show alert icon and hover message 1902600 - Container csi-snapshotter in Cinder csi driver needs to use ImagePullPolicy=IfNotPresent 1902601 - Cinder csi driver pods run as BestEffort qosClass 1902653 - [BM][IPI] Master deployment failed: No valid host was found. Reason: No conductor service registered which supports driver redfish for conductor group 1902702 - [sig-auth][Feature:LDAP][Serial] ldap group sync can sync groups from ldap: oc cp over non-existing directory/file fails 1902746 - [BM][IP] Master deployment failed - Base.1.0.GeneralError: database is locked 1902824 - failed to generate semver informed package manifest: unable to determine default channel 1902894 - hybrid-overlay-node crashing trying to get node object during initialization 1902969 - Cannot load vmi detail page 1902981 - It should default to current namespace when create vm from template 1902996 - [AWS] UPI on USGov, bootstrap machine can not fetch ignition file via s3:// URI 1903033 - duplicated lines of imageContentSources is seen when mirror release image to local registry 1903034 - OLM continuously printing debug logs 1903062 - [Cinder csi driver] Deployment mounted volume have no write access 1903078 - Deleting VolumeSnapshotClass makes VolumeSnapshot not Ready 1903107 - Enable vsphere-problem-detector e2e tests 1903164 - OpenShift YAML editor jumps to top every few seconds 1903165 - Improve Canary Status Condition handling for e2e tests 1903172 - Column Management: Fix sticky footer on scroll 1903186 - [Descheduler] cluster logs should report some info when PodTopologySpreadConstraints strategy is enabled 1903188 - [Descheduler] cluster log reports failed to validate server configuration" err="unsupported log format: 1903192 - Role name missing on create role binding form 1903196 - Popover positioning is misaligned for Overview Dashboard status items 1903206 - Ingress controller incorrectly routes traffic to non-ready pods/backends. 1903226 - MutatingWebhookConfiguration pod-identity-webhook does not exclude critical control-plane components 1903248 - Backport Upstream Static Pod UID patch 1903277 - Deprovisioning Not Deleting Security Groups [VpcLimitExceeded on e2e-aws tests] 1903290 - Kubelet repeatedly log the same log line from exited containers 1903346 - PV backed by FC lun is not being unmounted properly and this leads to IO errors / xfs corruption. 1903382 - Panic when task-graph is canceled with a TaskNode with no tasks 1903400 - Migrate a VM which is not running goes to pending state 1903402 - Nic/Disk on VMI overview should link to VMI's nic/disk page 1903414 - NodePort is not working when configuring an egress IP address 1903424 - mapi_machine_phase_transition_seconds_sum doesn't work 1903464 - "Evaluating rule failed" for "record: cluster:kube_persistentvolumeclaim_resource_requests_storage_bytes:provisioner:sum" and "record: cluster:kubelet_volume_stats_used_bytes:provisioner:sum" 1903639 - Hostsubnet gatherer produces wrong output 1903651 - Network Policies are not working as expected with OVN-Kubernetes when traffic hairpins back to the same source through a service 1903660 - Cannot install with Assisted Installer on top of IPv6 since network provider is not started 1903674 - [sig-apps] ReplicationController should serve a basic image on each replica with a private image 1903717 - Handle different Pod selectors for metal3 Deployment 1903733 - Scale up followed by scale down can delete all running workers 1903917 - Failed to load "Developer Catalog" page 1903999 - Httplog response code is always zero 1904026 - The quota controllers should resync on new resources and make progress 1904064 - Automated cleaning is disabled by default 1904124 - DHCP to static lease script doesn't work correctly if starting with infinite leases 1904125 - Boostrap VM .ign image gets added into 'default' pool instead of <cluster-name>-<id>-bootstrap 1904131 - kuryr tempest plugin test test_ipblock_network_policy_sg_rules fails 1904133 - KubeletConfig flooded with failure conditions 1904161 - AlertmanagerReceiversNotConfigured fires unconditionally on alertmanager restart 1904243 - RHCOS 4.6.1 missing ISCSI initiatorname.iscsi ! 1904244 - MissingKey errors for two plugins using i18next.t 1904262 - clusterresourceoverride-operator has version: 1.0.0 every build 1904296 - VPA-operator has version: 1.0.0 every build 1904297 - The index image generated by "opm index prune" leaves unrelated images 1904305 - Should have scroll-down bar for the field which the values list has too many results under dashboards 1904385 - [oVirt] registry cannot mount volume on 4.6.4 -> 4.6.6 upgrade 1904497 - vsphere-problem-detector: Run on vSphere cloud only 1904501 - [Descheduler] descheduler does not evict any pod when PodTopologySpreadConstraint strategy is set 1904502 - vsphere-problem-detector: allow longer timeouts for some operations 1904503 - vsphere-problem-detector: emit alerts 1904538 - [sig-arch][Early] Managed cluster should start all core operators: monitoring: container has runAsNonRoot and image has non-numeric user (nobody) 1904578 - metric scraping for vsphere problem detector is not configured 1904582 - All application traffic broken due to unexpected load balancer change on 4.6.4 -> 4.6.6 upgrade 1904663 - IPI pointer customization MachineConfig always generated 1904679 - [Feature:ImageInfo] Image info should display information about images 1904683 - `[sig-builds][Feature:Builds] s2i build with a root user image` tests use docker.io image 1904684 - [sig-cli] oc debug ensure it works with image streams 1904713 - Helm charts with kubeVersion restriction are filtered incorrectly 1904776 - Snapshot modal alert is not pluralized 1904824 - Set vSphere hostname from guestinfo before NM starts 1904941 - Insights status is always showing a loading icon 1904973 - KeyError: 'nodeName' on NP deletion 1904985 - Prometheus and thanos sidecar targets are down 1904993 - Many ampersand special characters are found in strings 1905066 - QE - Monitoring test cases - smoke test suite automation 1905074 - QE -Gherkin linter to maintain standards 1905100 - Too many haproxy processes in default-router pod causing high load average 1905104 - Snapshot modal disk items missing keys 1905115 - CI: dev-scripts fail on 02_configure_host: Failed to start network ostestbm 1905119 - Race in AWS EBS determining whether custom CA bundle is used 1905128 - [e2e][automation] e2e tests succeed without actually execute 1905133 - operator conditions special-resource-operator 1905141 - vsphere-problem-detector: report metrics through telemetry 1905146 - Backend Tests: TestHelmRepoGetter_SkipDisabled failures 1905194 - Detecting broken connections to the Kube API takes up to 15 minutes 1905221 - CVO transitions from "Initializing" to "Updating" despite not attempting many manifests 1905232 - [sig-imageregistry][Feature:ImageAppend] Image append should create images by appending them failing due to inconsistent images between CI and OCP 1905253 - Inaccurate text at bottom of Events page 1905298 - openshift-apiserver initContainer fix-audit-permissions is not requesting required resources: cpu, memory 1905299 - OLM fails to update operator 1905307 - Provisioning CR is missing from must-gather 1905319 - cluster-samples-operator containers are not requesting required memory resource 1905320 - csi-snapshot-webhook is not requesting required memory resource 1905323 - dns-operator is not requesting required memory resource 1905324 - ingress-operator is not requesting required memory resource 1905327 - openshift-kube-scheduler initContainer wait-for-host-port is not requesting required resources: cpu, memory 1905328 - Changing the bound token service account issuer invalids previously issued bound tokens 1905329 - openshift-oauth-apiserver initContainer fix-audit-permissions is not requesting required resources: cpu, memory 1905330 - openshift-monitoring init-textfile is not requesting required resources: cpu, memory 1905338 - QE -Cypress Automation for Add Flow - Database, Yaml, OperatorBacked, PageDetails 1905347 - QE - Design Gherkin Scenarios 1905348 - QE - Design Gherkin Scenarios 1905362 - [sriov] Error message 'Fail to update DaemonSet' always shown in sriov operator pod 1905368 - [sriov] net-attach-def generated from sriovnetwork cannot be restored once it was deleted 1905370 - A-Z/Z-A sorting dropdown on Developer Catalog page is not aligned with filter text input 1905380 - Default to Red Hat/KubeVirt provider if common template does not have provider annotation 1905393 - CMO uses rbac.authorization.k8s.io/v1beta1 instead of rbac.authorization.k8s.io/v1 1905404 - The example of "Remove the entrypoint on the mysql:latest image" for `oc image append` does not work 1905416 - Hyperlink not working from Operator Description 1905430 - usbguard extension fails to install because of missing correct protobuf dependency version 1905492 - The stalld service has a higher scheduler priority than ksoftirq and rcu{b, c} threads 1905502 - Test flake - unable to get https transport for ephemeral-registry 1905542 - [GSS] The "External" mode option is not available when the OCP cluster is deployed using Redhat Cluster Assisted Installer 4.6. 1905599 - Errant change to lastupdatetime in copied CSV status can trigger runaway csv syncs 1905610 - Fix typo in export script 1905621 - Protractor login test fails against a 4.7 (nightly) Power cluster 1905640 - Subscription manual approval test is flaky 1905647 - Report physical core valid-for-subscription min/max/cumulative use to telemetry 1905696 - ClusterMoreUpdatesModal component did not get internationalized 1905748 - with sharded ingresscontrollers, all shards reload when any endpoint changes 1905761 - NetworkPolicy with Egress policyType is resulting in SDN errors and improper communication within Project 1905778 - inconsistent ingresscontroller between fresh installed cluster and upgraded cluster 1905792 - [OVN]Cannot create egressfirewalll with dnsName 1905889 - Should create SA for each namespace that the operator scoped 1905920 - Quickstart exit and restart 1905941 - Page goes to error after create catalogsource 1905977 - QE ghaekin design scenaio-pipeline metrics ODC-3711 1906032 - Canary Controller: Canary daemonset rolls out slowly in large clusters 1906100 - Disconnected cluster upgrades are failing from the cli, when signature retrieval is being blackholed instead of quickly rejected 1906105 - CBO annotates an existing Metal3 deployment resource to indicate that it is managing it 1906118 - OCS feature detection constantly polls storageclusters and storageclasses 1906120 - 'Create Role Binding' form not setting user or group value when created from a user or group resource 1906121 - [oc] After new-project creation, the kubeconfig file does not set the project 1906134 - OLM should not create OperatorConditions for copied CSVs 1906143 - CBO supports log levels 1906186 - i18n: Translators are not able to translate `this` without context for alert manager config 1906228 - tuned and openshift-tuned sometimes do not terminate gracefully, slowing reboots 1906274 - StorageClass installed by Cinder csi driver operator should enable the allowVolumeExpansion to support volume resize. 1906276 - `oc image append` can't work with multi-arch image with --filter-by-os='.*' 1906318 - use proper term for Authorized SSH Keys 1906335 - The lastTransitionTime, message, reason field of operatorcondition should be optional 1906356 - Unify Clone PVC boot source flow with URL/Container boot source 1906397 - IPA has incorrect kernel command line arguments 1906441 - HorizontalNav and NavBar have invalid keys 1906448 - Deploy using virtualmedia with provisioning network disabled fails - 'Failed to connect to the agent' in ironic-conductor log 1906459 - openstack: Quota Validation fails if unlimited quotas are given to a project 1906496 - [BUG] Thanos having possible memory leak consuming huge amounts of node's memory and killing them 1906508 - TestHeaderNameCaseAdjust outputs nil error message on some failures 1906511 - Root reprovisioning tests flaking often in CI 1906517 - Validation is not robust enough and may prevent to generate install-confing. 1906518 - Update snapshot API CRDs to v1 1906519 - Update LSO CRDs to use v1 1906570 - Number of disruptions caused by reboots on a cluster cannot be measured 1906588 - [ci][sig-builds] nodes is forbidden: User "e2e-test-jenkins-pipeline-xfghs-user" cannot list resource "nodes" in API group "" at the cluster scope 1906650 - Cannot collect network policy, EgressFirewall, egressip logs with gather_network_logs 1906655 - [SDN]Cannot colloect ovsdb-server.log and ovs-vswitchd.log with gather_network_logs 1906679 - quick start panel styles are not loaded 1906683 - Kn resources are not showing in Topology if triggers has KSVC and IMC as subscriber 1906684 - Event Source creation fails if user selects no app group and switch to yaml and then to form 1906685 - SinkBinding is shown in topology view if underlying resource along with actual source created 1906689 - user can pin to nav configmaps and secrets multiple times 1906691 - Add doc which describes disabling helm chart repository 1906713 - Quick starts not accesible for a developer user 1906718 - helm chart "provided by Redhat" is misspelled 1906732 - Machine API proxy support should be tested 1906745 - Update Helm endpoints to use Helm 3.4.x 1906760 - performance issues with topology constantly re-rendering 1906766 - localized `Autoscaled` & `Autoscaling` pod texts overlap with the pod ring 1906768 - Virtualization nav item is incorrectly placed in the Admin Workloads section 1906769 - topology fails to load with non-kubeadmin user 1906770 - shortcuts on mobiles view occupies a lot of space 1906798 - Dev catalog customization doesn't update console-config ConfigMap 1906806 - Allow installing extra packages in ironic container images 1906808 - [test-disabled] ServiceAccounts should support OIDC discovery of service account issuer 1906835 - Topology view shows add page before then showing full project workloads 1906840 - ClusterOperator should not have status "Updating" if operator version is the same as the release version 1906844 - EndpointSlice and EndpointSliceProxying feature gates should be disabled for openshift-sdn kube-proxy 1906860 - Bump kube dependencies to v1.20 for Net Edge components 1906864 - Quick Starts Tour: Need to adjust vertical spacing 1906866 - Translations of Sample-Utils 1906871 - White screen when sort by name in monitoring alerts page 1906872 - Pipeline Tech Preview Badge Alignment 1906875 - Provide an option to force backup even when API is not available. 1906877 - Placeholder' value in search filter do not match column heading in Vulnerabilities 1906879 - Add missing i18n keys 1906880 - oidcdiscoveryendpoint controller invalidates all TokenRequest API tokens during install 1906896 - No Alerts causes odd empty Table (Need no content message) 1906898 - Missing User RoleBindings in the Project Access Web UI 1906899 - Quick Start - Highlight Bounding Box Issue 1906916 - Teach CVO about flowcontrol.apiserver.k8s.io/v1beta1 1906933 - Cluster Autoscaler should have improved mechanisms for group identifiers 1906935 - Delete resources when Provisioning CR is deleted 1906968 - Must-gather should support collecting kubernetes-nmstate resources 1906986 - Ensure failed pod adds are retried even if the pod object doesn't change 1907199 - Need to upgrade machine-api-operator module version under cluster-api-provider-kubevirt 1907202 - configs.imageregistry.operator.openshift.io cluster does not update its status fields after URL change 1907211 - beta promotion of p&f switched storage version to v1beta1, making downgrades impossible. 1907269 - Tooltips data are different when checking stack or not checking stack for the same time 1907280 - Install tour of OCS not available. 1907282 - Topology page breaks with white screen 1907286 - The default mhc machine-api-termination-handler couldn't watch spot instance 1907287 - [csi-snapshot-webhook] should support both v1beta1 and v1 version when creating volumesnapshot/volumesnapshotcontent 1907293 - Increase timeouts in e2e tests 1907295 - Gherkin script for improve management for helm 1907299 - Advanced Subscription Badge for KMS and Arbiter not present 1907303 - Align VM template list items by baseline 1907304 - Use PF styles for selected template card in VM Wizard 1907305 - Drop 'ISO' from CDROM boot source message 1907307 - Support and provider labels should be passed on between templates and sources 1907310 - Pin action should be renamed to favorite 1907312 - VM Template source popover is missing info about added date 1907313 - ClusterOperator objects cannot be overriden with cvo-overrides 1907328 - iproute-tc package is missing in ovn-kube image 1907329 - CLUSTER_PROFILE env. variable is not used by the CVO 1907333 - Node stuck in degraded state, mcp reports "Failed to remove rollback: error running rpm-ostree cleanup -r: error: Timeout was reached" 1907373 - Rebase to kube 1.20.0 1907375 - Bump to latest available 1.20.x k8s - workloads team 1907378 - Gather netnamespaces networking info 1907380 - kube-rbac-proxy exposes tokens, has excessive verbosity 1907381 - OLM fails to deploy an operator if its deployment template contains a description annotation that doesn't match the CSV one 1907390 - prometheus-adapter: panic after k8s 1.20 bump 1907399 - build log icon link on topology nodes cause app to reload 1907407 - Buildah version not accessible 1907421 - [4.6.1]oc-image-mirror command failed on "error: unable to copy layer" 1907453 - Dev Perspective -> running vm details -> resources -> no data 1907454 - Install PodConnectivityCheck CRD with CNO 1907459 - "The Boot source is also maintained by Red Hat." is always shown for all boot sources 1907475 - Unable to estimate the error rate of ingress across the connected fleet 1907480 - `Active alerts` section throwing forbidden error for users. 1907518 - Kamelets/Eventsource should be shown to user if they have create access 1907543 - Korean timestamps are shown when users' language preferences are set to German-en-en-US 1907610 - Update kubernetes deps to 1.20 1907612 - Update kubernetes deps to 1.20 1907621 - openshift/installer: bump cluster-api-provider-kubevirt version 1907628 - Installer does not set primary subnet consistently 1907632 - Operator Registry should update its kubernetes dependencies to 1.20 1907639 - pass dual-stack node IPs to kubelet in dual-stack clusters 1907644 - fix up handling of non-critical annotations on daemonsets/deployments 1907660 - Pod list does not render cell height correctly when pod names are too long (dynamic table rerendering issue?) 1907670 - CVE-2020-27846 crewjam/saml: authentication bypass in saml authentication 1907671 - Ingress VIP assigned to two infra nodes simultaneously - keepalived process running in pods seems to fail 1907767 - [e2e][automation]update test suite for kubevirt plugin 1907770 - Recent RHCOS 47.83 builds (from rhcos-47.83.202012072210-0 on) don't allow master and worker nodes to boot 1907792 - The `overrides` of the OperatorCondition cannot block the operator upgrade 1907793 - Surface support info in VM template details 1907812 - 4.7 to 4.6 downgrade stuck in clusteroperator storage 1907822 - [OCP on OSP] openshift-install panic when checking quota with install-config have no flavor set 1907863 - Quickstarts status not updating when starting the tour 1907872 - dual stack with an ipv6 network fails on bootstrap phase 1907874 - QE - Design Gherkin Scenarios for epic ODC-5057 1907875 - No response when try to expand pvc with an invalid size 1907876 - Refactoring record package to make gatherer configurable 1907877 - QE - Automation- pipelines builder scripts 1907883 - Fix Pipleine creation without namespace issue 1907888 - Fix pipeline list page loader 1907890 - Misleading and incomplete alert message shown in pipeline-parameters and pipeline-resources form 1907892 - Unable to edit application deployed using "From Devfile" option 1907893 - navSortUtils.spec.ts unit test failure 1907896 - When a workload is added, Topology does not place the new items well 1907908 - VM Wizard always uses VirtIO for the VM rootdisk regardless what is defined in common-template 1907924 - Enable madvdontneed in OpenShift Images 1907929 - Enable madvdontneed in OpenShift System Components Part 2 1907936 - NTO is not reporting nto_profile_set_total metrics correctly after reboot 1907947 - The kubeconfig saved in tenantcluster shouldn't include anything that is not related to the current context 1907948 - OCM-O bump to k8s 1.20 1907952 - bump to k8s 1.20 1907972 - Update OCM link to open Insights tab 1907989 - DataVolumes was intorduced in common templates - VM creation fails in the UI 1907998 - Gather kube_pod_resource_request/limit metrics as exposed in upstream KEP 1916 1908001 - [CVE-2020-10749] Update github.com/containernetworking/plugins to v.0.8.6 in egress-router-cni 1908014 - e2e-aws-ansible and e2e-aws-helm are broken in ocp-release-operator-sdk 1908035 - dynamic-demo-plugin build does not generate dist directory 1908135 - quick search modal is not centered over topology 1908145 - kube-scheduler-recovery-controller container crash loop when router pod is co-scheduled 1908159 - [AWS C2S] MCO fails to sync cloud config 1908171 - GCP: Installation fails when installing cluster with n1-custom-4-16384custom type (n1-custom-4-16384) 1908180 - Add source for template is stucking in preparing pvc 1908217 - CI: Server-Side Apply should work for oauth.openshift.io/v1: has no tokens 1908231 - [Migration] The pods ovnkube-node are in CrashLoopBackOff after SDN to OVN 1908277 - QE - Automation- pipelines actions scripts 1908280 - Documentation describing `ignore-volume-az` is incorrect 1908296 - Fix pipeline builder form yaml switcher validation issue 1908303 - [CVE-2020-28367 CVE-2020-28366] Remove CGO flag from rhel Dockerfile in Egress-Router-CNI 1908323 - Create button missing for PLR in the search page 1908342 - The new pv_collector_total_pv_count is not reported via telemetry 1908344 - [vsphere-problem-detector] CheckNodeProviderID and CheckNodeDiskUUID have the same name 1908347 - CVO overwrites ValidatingWebhookConfiguration for snapshots 1908349 - Volume snapshot tests are failing after 1.20 rebase 1908353 - QE - Automation- pipelines runs scripts 1908361 - bump to k8s 1.20 1908367 - QE - Automation- pipelines triggers scripts 1908370 - QE - Automation- pipelines secrets scripts 1908375 - QE - Automation- pipelines workspaces scripts 1908381 - Go Dependency Fixes for Devfile Lib 1908389 - Loadbalancer Sync failing on Azure 1908400 - Tests-e2e, increase timeouts, re-add TestArchiveUploadedAndResultsReceived 1908407 - Backport Upstream 95269 to fix potential crash in kubelet 1908410 - Exclude Yarn from VSCode search 1908425 - Create Role Binding form subject type and name are undefined when All Project is selected 1908431 - When the marketplace-operator pod get's restarted, the custom catalogsources are gone, as well as the pods 1908434 - Remove &apos from metal3-plugin internationalized strings 1908437 - Operator backed with no icon has no badge associated with the CSV tag 1908459 - bump to k8s 1.20 1908461 - Add bugzilla component to OWNERS file 1908462 - RHCOS 4.6 ostree removed dhclient 1908466 - CAPO AZ Screening/Validating 1908467 - Zoom in and zoom out in topology package should be sentence case 1908468 - [Azure][4.7] Installer can't properly parse instance type with non integer memory size 1908469 - nbdb failed to come up while bringing up OVNKubernetes cluster 1908471 - OLM should bump k8s dependencies to 1.20 1908484 - oc adm release extract --cloud=aws --credentials-requests dumps all manifests 1908493 - 4.7-e2e-metal-ipi-ovn-dualstack intermittent test failures, worker hostname is overwritten by NM 1908545 - VM clone dialog does not open 1908557 - [e2e][automation]Miss css id on bootsource and reviewcreate step on wizard 1908562 - Pod readiness is not being observed in real world cases 1908565 - [4.6] Cannot filter the platform/arch of the index image 1908573 - Align the style of flavor 1908583 - bootstrap does not run on additional networks if configured for master in install-config 1908596 - Race condition on operator installation 1908598 - Persistent Dashboard shows events for all provisioners 1908641 - Go back to Catalog Page link on Virtual Machine page vanishes on empty state 1908648 - Skip TestKernelType test on OKD, adjust TestExtensions 1908650 - The title of customize wizard is inconsistent 1908654 - cluster-api-provider: volumes and disks names shouldn't change by machine-api-operator 1908675 - Reenable [sig-storage] CSI mock volume CSI FSGroupPolicy [LinuxOnly] should modify fsGroup if fsGroupPolicy=default [Suite:openshift/conformance/parallel] [Suite:k8s] 1908687 - Option to save user settings separate when using local bridge (affects console developers only) 1908697 - Show `kubectl diff ` command in the oc diff help page 1908715 - Pressing the arrow up key when on topmost quick-search list item it should loop back to bottom 1908716 - UI breaks on click of sidebar of ksvc (if revisions not up) in topology on 4.7 builds 1908717 - "missing unit character in duration" error in some network dashboards 1908746 - [Safari] Drop Shadow doesn't works as expected on hover on workload 1908747 - stale S3 CredentialsRequest in CCO manifest 1908758 - AWS: NLB timeout value is rejected by AWS cloud provider after 1.20 rebase 1908830 - RHCOS 4.6 - Missing Initiatorname 1908868 - Update empty state message for EventSources and Channels tab 1908880 - 4.7 aws-serial CI: NoExecuteTaintManager Single Pod [Serial] eventually evict pod with finite tolerations from tainted nodes 1908883 - CVE-2020-29652 golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference 1908888 - Dualstack does not work with multiple gateways 1908889 - Bump CNO to k8s 1.20 1908891 - TestDNSForwarding DNS operator e2e test is failing frequently 1908914 - CNO: upgrade nodes before masters 1908918 - Pipeline builder yaml view sidebar is not responsive 1908960 - QE - Design Gherkin Scenarios 1908971 - Gherkin Script for pipeline debt 4.7 1908983 - i18n: Add Horizontal Pod Autoscaler action menu is not translated 1908997 - Unsupported access mode should not be available when creating pvc by cinder-csi-driver/gcp-pd-csi-driver from web-console 1908998 - [cinder-csi-driver] doesn't detect the credentials change 1909004 - "No datapoints found" for RHEL node's filesystem graph 1909005 - i18n: workloads list view heading is not translated 1909012 - csi snapshot webhook does not block any invalid update for volumesnapshot and volumesnapshotcontent objects 1909027 - Disks option of Sectected capacity chart shows HDD disk even on selection of SDD disk type 1909043 - OCP + OCS 4.7 Internal - Storage cluster creation throws warning when zone=0 in VMware 1909067 - Web terminal should keep latest output when connection closes 1909070 - PLR and TR Logs component is not streaming as fast as tkn 1909092 - Error Message should not confuse user on Channel form 1909096 - OCP 4.7+OCS 4.7 - The Requested Cluster Capacity field needs to include the selected capacity in calculation in Review and Create Page 1909108 - Machine API components should use 1.20 dependencies 1909116 - Catalog Sort Items dropdown is not aligned on Firefox 1909198 - Move Sink action option is not working 1909207 - Accessibility Issue on monitoring page 1909236 - Remove pinned icon overlap on resource name 1909249 - Intermittent packet drop from pod to pod 1909276 - Accessibility Issue on create project modal 1909289 - oc debug of an init container no longer works 1909290 - Logging may be broken due to mix of k8s.io/klog v1 and v2 1909358 - registry.redhat.io/redhat/community-operator-index:latest only have hyperfoil-bundle 1909453 - Boot disk RAID can corrupt ESP if UEFI firmware writes to it 1909455 - Boot disk RAID will not boot if the primary disk enumerates but fails I/O 1909464 - Build operator-registry with golang-1.15 1909502 - NO_PROXY is not matched between bootstrap and global cluster setting which lead to desired master machineconfig is not found 1909521 - Add kubevirt cluster type for e2e-test workflow 1909527 - [IPI Baremetal] After upgrade from 4.6 to 4.7 metal3 pod does not get created 1909587 - [OCP4] all of the OCP master nodes with soft-anti-affinity run on the same OSP node 1909610 - Fix available capacity when no storage class selected 1909678 - scale up / down buttons available on pod details side panel 1909723 - cluster-api-provider-openstack: Update ose-openstack-machine-controllers builder & base images to be consistent with ART 1909730 - unbound variable error if EXTRA_PKGS_LIST is not defined 1909739 - Arbiter request data changes 1909744 - cluster-api-provider-openstack: Bump gophercloud 1909790 - PipelineBuilder yaml view cannot be used for editing a pipeline 1909791 - Update standalone kube-proxy config for EndpointSlice 1909792 - Empty states for some details page subcomponents are not i18ned 1909815 - Perspective switcher is only half-i18ned 1909821 - OCS 4.7 LSO installation blocked because of Error "Invalid value: "integer": spec.flexibleScaling in body 1909836 - operator-install-global Cypress test was failing in OLM as it depends on an operator that isn't installed in CI 1909864 - promote-release-openshift-machine-os-content-e2e-aws-4.5 is perm failing 1909911 - [OVN]EgressFirewall caused a segfault 1909943 - Upgrade from 4.6 to 4.7 stuck due to write /sys/devices/xxxx/block/sda/queue/scheduler: invalid argument 1909958 - Support Quick Start Highlights Properly 1909978 - ignore-volume-az = yes not working on standard storageClass 1909981 - Improve statement in template select step 1909992 - Fail to pull the bundle image when using the private index image 1910024 - Reload issue in latest(4.7) UI code on 4.6 cluster locally in dev 1910036 - QE - Design Gherkin Scenarios ODC-4504 1910049 - UPI: ansible-galaxy is not supported 1910127 - [UPI on oVirt]: Improve UPI Documentation 1910140 - fix the api dashboard with changes in upstream kube 1.20 1910160 - If two OperatorConditions include the same deployments they will keep updating the deployment's containers with the OPERATOR_CONDITION_NAME Environment Variable 1910165 - DHCP to static lease script doesn't handle multiple addresses 1910305 - [Descheduler] - The minKubeVersion should be 1.20.0 1910409 - Notification drawer is not localized for i18n 1910459 - Could not provision gcp volume if delete secret gcp-pd-cloud-credentials 1910492 - KMS details are auto-populated on the screen in next attempt at Storage cluster creation 1910501 - Installed Operators->Operand required: Clicking on cancel in Storage cluster page takes back to the Install Operator page 1910533 - [OVN] It takes about 5 minutes for EgressIP failover to work 1910581 - library-go: proxy ENV is not injected into csi-driver-controller which lead to storage operator never get ready 1910666 - Creating a Source Secret from type SSH-Key should use monospace font for better usability 1910738 - OCP 4.7 Installation fails on VMWare due to 1 worker that is degraded 1910739 - Redfish-virtualmedia (idrac) deploy fails on "The Virtual Media image server is already connected" 1910753 - Support Directory Path to Devfile 1910805 - Missing translation for Pipeline status and breadcrumb text 1910829 - Cannot delete a PVC if the dv's phase is WaitForFirstConsumer 1910840 - Show Nonexistent command info in the `oc rollback -h` help page 1910859 - breadcrumbs doesn't use last namespace 1910866 - Unify templates string 1910870 - Unify template dropdown action 1911016 - Prometheus unable to mount NFS volumes after upgrading to 4.6 1911129 - Monitoring charts renders nothing when switching from a Deployment to "All workloads" 1911176 - [MSTR-998] Wrong text shown when hovering on lines of charts in API Performance dashboard 1911212 - [MSTR-998] API Performance Dashboard "Period" drop-down has a choice "$__auto_interval_period" which can bring "1:154: parse error: missing unit character in duration" 1911213 - Wrong and misleading warning for VMs that were created manually (not from template) 1911257 - [aws-c2s] failed to create cluster, kube-cloud-config was not created 1911269 - waiting for the build message present when build exists 1911280 - Builder images are not detected for Dotnet, Httpd, NGINX 1911307 - Pod Scale-up requires extra privileges in OpenShift web-console 1911381 - "Select Persistent Volume Claim project" shows in customize wizard when select a source available template 1911382 - "source volumeMode (Block) and target volumeMode (Filesystem) do not match" shows in VM Error 1911387 - Hit error - "Cannot read property 'value' of undefined" while creating VM from template 1911408 - [e2e][automation] Add auto-clone cli tests and new flow of VM creation 1911418 - [v2v] The target storage class name is not displayed if default storage class is used 1911434 - git ops empty state page displays icon with watermark 1911443 - SSH Cretifiaction field should be validated 1911465 - IOPS display wrong unit 1911474 - Devfile Application Group Does Not Delete Cleanly (errors) 1911487 - Pruning Deployments should use ReplicaSets instead of ReplicationController 1911574 - Expose volume mode on Upload Data form 1911617 - [CNV][UI] Failure to add source to VM template when no default storage class is defined 1911632 - rpm-ostree command fail due to wrong options when updating ocp-4.6 to 4.7 on worker nodes with rt-kernel 1911656 - using 'operator-sdk run bundle' to install operator successfully, but the command output said 'Failed to run bundle'' 1911664 - [Negative Test] After deleting metal3 pod, scaling worker stuck on provisioning state 1911782 - Descheduler should not evict pod used local storage by the PVC 1911796 - uploading flow being displayed before submitting the form 1912066 - The ansible type operator's manager container is not stable when managing the CR 1912077 - helm operator's default rbac forbidden 1912115 - [automation] Analyze job keep failing because of 'JavaScript heap out of memory' 1912237 - Rebase CSI sidecars for 4.7 1912381 - [e2e][automation] Miss css ID on Create Network Attachment Definition page 1912409 - Fix flow schema deployment 1912434 - Update guided tour modal title 1912522 - DNS Operator e2e test: TestCoreDNSImageUpgrade is fundamentally broken 1912523 - Standalone pod status not updating in topology graph 1912536 - Console Plugin CR for console-demo-plugin has wrong apiVersion 1912558 - TaskRun list and detail screen doesn't show Pending status 1912563 - p&f: carry 97206: clean up executing request on panic 1912565 - OLM macOS local build broken by moby/term dependency 1912567 - [OCP on RHV] Node becomes to 'NotReady' status when shutdown vm from RHV UI only on the second deletion 1912577 - 4.1/4.2->4.3->...-> 4.7 upgrade is stuck during 4.6->4.7 with co/openshift-apiserver Degraded, co/network not Available and several other components pods CrashLoopBackOff 1912590 - publicImageRepository not being populated 1912640 - Go operator's controller pods is forbidden 1912701 - Handle dual-stack configuration for NIC IP 1912703 - multiple queries can't be plotted in the same graph under some conditons 1912730 - Operator backed: In-context should support visual connector if SBO is not installed 1912828 - Align High Performance VMs with High Performance in RHV-UI 1912849 - VM from wizard - default flavor does not match the actual flavor set by common templates 1912852 - VM from wizard - available VM templates - "storage" field is "0 B" 1912888 - recycler template should be moved to KCM operator 1912907 - Helm chart repository index can contain unresolvable relative URL's 1912916 - Set external traffic policy to cluster for IBM platform 1912922 - Explicitly specifying the operator generated default certificate for an ingress controller breaks the ingress controller 1912938 - Update confirmation modal for quick starts 1912942 - cluster-storage-operator: proxy ENV is not injected into vsphere-problem-detector deployment 1912944 - cluster-storage-operator: proxy ENV is not injected into Manila CSI driver operator deployment 1912945 - aws-ebs-csi-driver-operator: proxy ENV is not injected into the CSI driver 1912946 - gcp-pd-csi-driver-operator: proxy ENV is not injected into the CSI driver 1912947 - openstack-cinder-csi-driver-operator: proxy ENV is not injected into the CSI driver 1912948 - csi-driver-manila-operator: proxy ENV is not injected into the CSI driver 1912949 - ovirt-csi-driver-operator: proxy ENV is not injected into the CSI driver 1912977 - rebase upstream static-provisioner 1913006 - Remove etcd v2 specific alerts with etcd_http* metrics 1913011 - [OVN] Pod's external traffic not use egressrouter macvlan ip as a source ip 1913037 - update static-provisioner base image 1913047 - baremetal clusteroperator progressing status toggles between true and false when cluster is in a steady state 1913085 - Regression OLM uses scoped client for CRD installation 1913096 - backport: cadvisor machine metrics are missing in k8s 1.19 1913132 - The installation of Openshift Virtualization reports success early before it 's succeeded eventually 1913154 - Upgrading to 4.6.10 nightly failed with RHEL worker nodes: Failed to find /dev/disk/by-label/root 1913196 - Guided Tour doesn't handle resizing of browser 1913209 - Support modal should be shown for community supported templates 1913226 - [Migration] The SDN migration rollback failed if customize vxlanPort 1913249 - update info alert this template is not aditable 1913285 - VM list empty state should link to virtualization quick starts 1913289 - Rebase AWS EBS CSI driver for 4.7 1913292 - OCS 4.7 Installation failed over vmware when arbiter was enabled, as flexibleScaling is also getting enabled 1913297 - Remove restriction of taints for arbiter node 1913306 - unnecessary scroll bar is present on quick starts panel 1913325 - 1.20 rebase for openshift-apiserver 1913331 - Import from git: Fails to detect Java builder 1913332 - Pipeline visualization breaks the UI when multiple taskspecs are used 1913343 - (release-4.7) Added changelog file for insights-operator 1913356 - (release-4.7) Implemented gathering specific logs from openshift apiserver operator 1913371 - Missing i18n key "Administrator" in namespace "console-app" and language "en." 1913386 - users can see metrics of namespaces for which they don't have rights when monitoring own services with prometheus user workloads 1913420 - Time duration setting of resources is not being displayed 1913536 - 4.6.9 -> 4.7 upgrade hangs. RHEL 7.9 worker stuck on "error enabling unit: Failed to execute operation: File exists\\n\" 1913554 - Recording rule for ingress error fraction SLI is incorrect, uses irate instead of increase 1913560 - Normal user cannot load template on the new wizard 1913563 - "Virtual Machine" is not on the same line in create button when logged with normal user 1913567 - Tooltip data should be same for line chart or stacked chart, display data value same as the table 1913568 - Normal user cannot create template 1913582 - [Migration]SDN to OVN migration stucks on MCO for rhel worker 1913585 - Topology descriptive text fixes 1913608 - Table data contains data value None after change time range in graph and change back 1913651 - Improved Red Hat image and crashlooping OpenShift pod collection 1913660 - Change location and text of Pipeline edit flow alert 1913685 - OS field not disabled when creating a VM from a template 1913716 - Include additional use of existing libraries 1913725 - Refactor Insights Operator Plugin states 1913736 - Regression: fails to deploy computes when using root volumes 1913747 - Update operator to kubernetes 1.20.1 to pickup upstream fixes 1913751 - add third-party network plugin test suite to openshift-tests 1913783 - QE-To fix the merging pr issue, commenting the afterEach() block 1913807 - Template support badge should not be shown for community supported templates 1913821 - Need definitive steps about uninstalling descheduler operator 1913851 - Cluster Tasks are not sorted in pipeline builder 1913864 - BuildConfig YAML template references ruby ImageStreamTag that no longer exists 1913951 - Update the Devfile Sample Repo to an Official Repo Host 1913960 - Cluster Autoscaler should use 1.20 dependencies 1913969 - Field dependency descriptor can sometimes cause an exception 1914060 - Disk created from 'Import via Registry' cannot be used as boot disk 1914066 - [sriov] sriov dp pod crash when delete ovs HW offload policy 1914090 - Grafana - The resulting dataset is too large to graph (OCS RBD volumes being counted as disks) 1914119 - vsphere problem detector operator has no permission to update storages.operator.openshift.io instances 1914125 - Still using /dev/vde as default device path when create localvolume 1914183 - Empty NAD page is missing link to quickstarts 1914196 - target port in `from dockerfile` flow does nothing 1914204 - Creating VM from dev perspective may fail with template not found error 1914209 - Associate image secret name to pipeline serviceaccount imagePullSecrets 1914212 - [e2e][automation] Add test to validate bootable disk souce 1914250 - ovnkube-node fails on master nodes when both DHCPv6 and SLAAC addresses are configured on nodes 1914284 - Upgrade to OCP 4.6.9 results in cluster-wide DNS and connectivity issues due to bad NetworkPolicy flows 1914287 - Bring back selfLink 1914301 - User VM Template source should show the same provider as template itself 1914303 - linuxptp-daemon is not forwarding ptp4l stderr output to openshift logs 1914309 - /terminal page when WTO not installed shows nonsensical error 1914334 - order of getting started samples is arbitrary 1914343 - [sig-imageregistry][Feature:ImageTriggers] Annotation trigger reconciles after the image is overwritten [Suite:openshift/conformance/parallel] timeout on s390x 1914349 - Increase and decrease buttons in max and min pods in HPA page has distorted UI 1914405 - Quick search modal should be opened when coming back from a selection 1914407 - Its not clear that node-ca is running as non-root 1914427 - Count of pods on the dashboard is incorrect 1914439 - Typo in SRIOV port create command example 1914451 - cluster-storage-operator pod running as root 1914452 - oc image append, oc image extract outputs wrong suggestion to use --keep-manifest-list=true 1914642 - Customize Wizard Storage tab does not pass validation 1914723 - SamplesTBRInaccessibleOnBoot Alert has a misspelling 1914793 - device names should not be translated 1914894 - Warn about using non-groupified api version 1914926 - webdriver-manager pulls incorrect version of ChomeDriver due to a bug 1914932 - Put correct resource name in relatedObjects 1914938 - PVC disk is not shown on customization wizard general tab 1914941 - VM Template rootdisk is not deleted after fetching default disk bus 1914975 - Collect logs from openshift-sdn namespace 1915003 - No estimate of average node readiness during lifetime of a cluster 1915027 - fix MCS blocking iptables rules 1915041 - s3:ListMultipartUploadParts is relied on implicitly 1915079 - Canary controller should not periodically rotate the canary route endpoint for performance reasons 1915080 - Large number of tcp connections with shiftstack ocp cluster in about 24 hours 1915085 - Pods created and rapidly terminated get stuck 1915114 - [aws-c2s] worker machines are not create during install 1915133 - Missing default pinned nav items in dev perspective 1915176 - Update snapshot API CRDs to v1 in web-console when creating volumesnapshot related resource 1915187 - Remove the "Tech preview" tag in web-console for volumesnapshot 1915188 - Remove HostSubnet anonymization 1915200 - [OCP 4.7+ OCS 4.6]Arbiter related Note should not show up during UI deployment 1915217 - OKD payloads expect to be signed with production keys 1915220 - Remove dropdown workaround for user settings 1915235 - Failed to upgrade to 4.7 from 4.6 due to the machine-config failure 1915262 - When deploying with assisted install the CBO operator is installed and enabled without metal3 pod 1915277 - [e2e][automation]fix cdi upload form test 1915295 - [BM][IP][Dualstack] Installation failed - operators report dial tcp 172.30.0.1:443: i/o timeout 1915304 - Updating scheduling component builder & base images to be consistent with ART 1915312 - Prevent schedule Linux openshift-network-diagnostics pod on Windows node 1915318 - [Metal] bareMetal IPI - cannot interact with toolbox container after first execution only in parallel from different connection 1915348 - [RFE] linuxptp operator needs to expose the uds_address_socket to be used by an application pod 1915357 - Dev Catalog doesn't load anything if virtualization operator is installed 1915379 - New template wizard should require provider and make support input a dropdown type 1915408 - Failure in operator-registry kind e2e test 1915416 - [Descheduler] descheduler evicts pod which does not have any ownerRef or descheduler evict annotation 1915460 - Cluster name size might affect installations 1915500 - [aws c2s] kube-controller-manager crash loops trying to fetch the AWS instance 1915540 - Silent 4.7 RHCOS install failure on ppc64le 1915579 - [Metal] redhat-support-tool became unavailable after tcpdump usage (BareMetal IPI) 1915582 - p&f: carry upstream pr 97860 1915594 - [e2e][automation] Improve test for disk validation 1915617 - Bump bootimage for various fixes 1915624 - "Please fill in the following field: Template provider" blocks customize wizard 1915627 - Translate Guided Tour text. 1915643 - OCP4.6 to 4.7 upgrade failed due to manila csi driver operator sync error 1915647 - Intermittent White screen when the connector dragged to revision 1915649 - "Template support" pop up is not a warning; checkbox text should be rephrased 1915654 - [e2e][automation] Add a verification for Afinity modal should hint "Matching node found" 1915661 - Can't run the 'oc adm prune' command in a pod 1915672 - Kuryr doesn't work with selfLink disabled. 1915674 - Golden image PVC creation - storage size should be taken from the template 1915685 - Message for not supported template is not clear enough 1915760 - Need to increase timeout to wait rhel worker get ready 1915793 - quick starts panel syncs incorrectly across browser windows 1915798 - oauth connection errors for openshift console pods on an OVNKube OCP 4.7 cluster 1915818 - vsphere-problem-detector: use "_totals" in metrics 1915828 - Latest Dell firmware (04.40.00.00) fails to install IPI on BM using idrac-virtualmedia protocol 1915859 - vsphere-problem-detector: does not report ESXi host version nor VM HW version 1915871 - operator-sdk version in new downstream image should be v1.2.0-ocp not v4.7.0 1915879 - Pipeline Dashboard tab Rename to Pipeline Metrics 1915885 - Kuryr doesn't support workers running on multiple subnets 1915898 - TaskRun log output shows "undefined" in streaming 1915907 - test/cmd/builds.sh uses docker.io 1915912 - sig-storage-csi-snapshotter image not available 1915926 - cluster-api-provider-openstack: Update ose-openstack-machine-controllers builder & base images to be consistent with ART 1915929 - A11y Violation: svg-img-alt for time axis of Utilization Card on Cluster Dashboard 1915939 - Resizing the browser window removes Web Terminal Icon 1915945 - [sig-scheduling] SchedulerPreemption [Serial] validates basic preemption works [Conformance] 1915959 - Baremetal cluster operator is included in a ROKS installation of 4.7 1915962 - ROKS: manifest with machine health check fails to apply in 4.7 1915972 - Global configuration breadcrumbs do not work as expected 1915981 - Install ethtool and conntrack in container for debugging 1915995 - "Edit RoleBinding Subject" action under RoleBinding list page kebab actions causes unhandled exception 1915998 - Installer bootstrap node setting of additional subnets inconsistent with additional security groups 1916021 - OLM enters infinite loop if Pending CSV replaces itself 1916056 - Need Visual Web Terminal metric enabled for OCP monitoring telemetry 1916081 - non-existant should be non-existent in CloudCredentialOperatorTargetNamespaceMissing alert's annotations 1916099 - VM creation - customization wizard - user should be allowed to delete and re-create root disk 1916126 - [e2e][automation] Help fix tests for vm guest-agent and next-run-configuration 1916145 - Explicitly set minimum versions of python libraries 1916164 - Update csi-driver-nfs builder & base images to be consistent with ART 1916221 - csi-snapshot-controller-operator: bump dependencies for 4.7 1916271 - Known issues should mention failure to apply soft-anti-affinity to masters beyond the third 1916363 - [OVN] ovs-configuration.service reports as failed within all nodes using version 4.7.0-fc.2 1916379 - error metrics from vsphere-problem-detector should be gauge 1916382 - Can't create ext4 filesystems with Ignition 1916384 - 4.5.15 and later cluster-version operator does not sync ClusterVersion status before exiting, leaving 'verified: false' even for verified updates 1916401 - Deleting an ingress controller with a bad DNS Record hangs 1916417 - [Kuryr] Must-gather does not have all Custom Resources information 1916419 - [sig-devex][Feature:ImageEcosystem][Slow] openshift images should be SCL enabled returning s2i usage when running the image 1916454 - teach CCO about upgradeability from 4.6 to 4.7 1916486 - [OCP RHV] [Docs] Update RHV CSI provisioning section in OCP documenation 1916502 - Boot disk mirroring fails with mdadm error 1916524 - Two rootdisk shows on storage step 1916580 - Default yaml is broken for VM and VM template 1916621 - oc adm node-logs examples are wrong 1916642 - [zh_CN] Redundant period in Secrets - Create drop down menu - Key value secret. 1916692 - Possibly fails to destroy LB and thus cluster 1916711 - Update Kube dependencies in MCO to 1.20.0 1916747 - remove links to quick starts if virtualization operator isn't updated to 2.6 1916764 - editing a workload with no application applied, will auto fill the app 1916834 - Pipeline Metrics - Text Updates 1916843 - collect logs from openshift-sdn-controller pod 1916853 - cluster will not gracefully recover if openshift-etcd namespace is removed 1916882 - OCS 4.7 LSO : wizard (Discover disks and create storageclass) does not show zone when topology.kubernetes.io/zone are added manually 1916888 - OCS wizard Donor chart does not get updated when `Device Type` is edited 1916938 - Using 4.6 install-config.yaml file with lbFloatingIP results in validation error "Forbidden: cannot specify lbFloatingIP and apiFloatingIP together" 1916949 - ROKS: manifests in openshift-oauth-apiserver ns fails to create with non-existent namespace 1917101 - [UPI on oVirt] - 'RHCOS image' topic isn't located in the right place in UPI document 1917114 - Upgrade from 4.5.9 to 4.7 fails as authentication operator is Degraded due to '"ProxyConfigController" controller failed to sync "key"' error 1917117 - Common templates - disks screen: invalid disk name 1917124 - Custom template - clone existing PVC - the name of the target VM's data volume is hard-coded; only one VM can be created 1917146 - [oVirt] Consume 23-10 ovirt sdk- csi operator 1917147 - [oVirt] csi operator panics if ovirt-engine suddenly becomes unavailable. 1917148 - [oVirt] Consume 23-10 ovirt sdk 1917239 - Monitoring time options overlaps monitoring tab navigation when Quickstart panel is opened 1917272 - Should update the default minSize to 1Gi when create localvolumeset on web console 1917303 - [automation][e2e] make kubevirt-plugin gating job mandatory 1917315 - localvolumeset-local-provisoner-xxx pods are not killed after upgrading from 4.6 to 4.7 1917327 - annotations.message maybe wrong for NTOPodsNotReady alert 1917367 - Refactor periodic.go 1917371 - Add docs on how to use the built-in profiler 1917372 - Application metrics are shown on Metrics dashboard but not in linked Prometheus UI in OCP management console 1917395 - pv-pool backing store name restriction should be at 43 characters from the ocs ui 1917484 - [BM][IPI] Failed to scale down machineset 1917522 - Deprecate --filter-by-os in oc adm catalog mirror 1917537 - controllers continuously busy reconciling operator 1917551 - use min_over_time for vsphere prometheus alerts 1917585 - OLM Operator install page missing i18n 1917587 - Manila CSI operator becomes degraded if user doesn't have permissions to list share types 1917605 - Deleting an exgw causes pods to no longer route to other exgws 1917614 - [aws c2s] ingress operator uses unavailable resourcegrouptaggings API 1917656 - Add to Project/application for eventSources from topology shows 404 1917658 - Show TP badge for sources powered by camel connectors in create flow 1917660 - Editing parallelism of job get error info 1917678 - Could not provision pv when no symlink and target found on rhel worker 1917679 - Hide double CTA in admin pipelineruns tab 1917683 - `NodeTextFileCollectorScrapeError` alert in OCP 4.6 cluster. 1917759 - Console operator panics after setting plugin that does not exists to the console-operator config 1917765 - ansible-operator version in downstream image should be v1.3.0 not v4.7.0 1917770 - helm-operator version in downstream image should be v1.3.0 not v4.7.0 1917799 - Gather s list of names and versions of installed OLM operators 1917803 - [sig-storage] Pod Disks should be able to delete a non-existent PD without error 1917814 - Show Broker create option in eventing under admin perspective 1917838 - MachineSet scaling from 0 is not available or evaluated incorrectly for the new or changed instance types 1917872 - [oVirt] rebase on latest SDK 2021-01-12 1917911 - network-tools needs ovnkube-trace binary from ovn-kubernetes image 1917938 - upgrade version of dnsmasq package 1917942 - Canary controller causes panic in ingress-operator 1918019 - Undesired scrollbars in markdown area of QuickStart 1918068 - Flaky olm integration tests 1918085 - reversed name of job and namespace in cvo log 1918112 - Flavor is not editable if a customize VM is created from cli 1918129 - Update IO sample archive with missing resources & remove IP anonymization from clusteroperator resources 1918132 - i18n: Volume Snapshot Contents menu is not translated 1918133 - [e2e][automation] Fix ocp 4.7 existing tests - part2 1918140 - Deployment openstack-cinder-csi-driver-controller and openstack-manila-csi-controllerplugin doesn't be installed on OSP 1918153 - When `&` character is set as an environment variable in a build config it is getting converted as `\u0026` 1918185 - Capitalization on PLR details page 1918287 - [ovirt] ovirt csi driver is flooding RHV with API calls and spam the event UI with new connections 1918318 - Kamelet connector's are not shown in eventing section under Admin perspective 1918351 - Gather SAP configuration (SCC & ClusterRoleBinding) 1918375 - [calico] rbac-proxy container in kube-proxy fails to create tokenreviews 1918395 - [ovirt] increase livenessProbe period 1918415 - MCD nil pointer on dropins 1918438 - [ja_JP, zh_CN] Serverless i18n misses 1918440 - Kernel Arguments get reapplied even when no new kargs has been added in MachineConfig 1918471 - CustomNoUpgrade Feature gates are not working correctly 1918558 - Supermicro nodes boot to PXE upon reboot after successful deployment to disk 1918622 - Updating ose-jenkins-agent-maven builder & base images to be consistent with ART 1918623 - Updating ose-jenkins-agent-nodejs-12 builder & base images to be consistent with ART 1918625 - Updating ose-jenkins-agent-nodejs-10 builder & base images to be consistent with ART 1918635 - Updating openshift-jenkins-2 builder & base images to be consistent with ART #1197 1918639 - Event listener with triggerRef crashes the console 1918648 - Subscription page doesn't show InstallPlan correctly 1918716 - Manilacsi becomes degraded even though it is not available with the underlying Openstack 1918748 - helmchartrepo is not http(s)_proxy-aware 1918757 - Consistant fallures of features/project-creation.feature Cypress test in CI 1918803 - Need dedicated details page w/ global config breadcrumbs for 'KnativeServing' plugin 1918826 - Insights popover icons are not horizontally aligned 1918879 - need better debug for bad pull secrets 1918958 - The default NMstate instance from the operator is incorrect 1919097 - Close bracket ")" missing at the end of the sentence in the UI 1919231 - quick search modal cut off on smaller screens 1919259 - Make "Add x" singular in Pipeline Builder 1919260 - VM Template list actions should not wrap 1919271 - NM prepender script doesn't support systemd-resolved 1919341 - Updating ose-jenkins-agent-maven builder & base images to be consistent with ART 1919360 - Need managed-cluster-info metric enabled for OCP monitoring telemetry 1919379 - dotnet logo out of date 1919387 - Console login fails with no error when it can't write to localStorage 1919396 - A11y Violation: svg-img-alt on Pod Status ring 1919407 - OpenStack IPI has three-node control plane limitation, but InstallConfigs aren't verified 1919750 - Search InstallPlans got Minified React error 1919778 - Upgrade is stuck in insights operator Degraded with "Source clusterconfig could not be retrieved" until insights operator pod is manually deleted 1919823 - OCP 4.7 Internationalization Chinese tranlate issue 1919851 - Visualization does not render when Pipeline & Task share same name 1919862 - The tip information for `oc new-project --skip-config-write` is wrong 1919876 - VM created via customize wizard cannot inherit template's PVC attributes 1919877 - Click on KSVC breaks with white screen 1919879 - The toolbox container name is changed from 'toolbox-root' to 'toolbox-' in a chroot environment 1919945 - user entered name value overridden by default value when selecting a git repository 1919968 - [release-4.7] Undiagnosed panic detected in pod runtime.go:76: invalid memory address or nil pointer dereference 1919970 - NTO does not update when the tuned profile is updated. 1919999 - Bump Cluster Resource Operator Golang Versions 1920027 - machine-config-operator consistently failing during 4.6 to 4.7 upgrades and clusters do not install successfully with proxy configuration 1920200 - user-settings network error results in infinite loop of requests 1920205 - operator-registry e2e tests not working properly 1920214 - Bump golang to 1.15 in cluster-resource-override-admission 1920248 - re-running the pipelinerun with pipelinespec crashes the UI 1920320 - VM template field is "Not available" if it's created from common template 1920367 - When creating localvolumeset instance from the web console, the title for setting volumeMode is `Disk Mode` 1920368 - Fix containers creation issue resulting in runc running on Guaranteed Pod CPUs 1920390 - Monitoring > Metrics graph shifts to the left when clicking the "Stacked" option and when toggling data series lines on / off 1920426 - Egress Router CNI OWNERS file should have ovn-k team members 1920427 - Need to update `oc login` help page since we don't support prompt interactively for the username 1920430 - [V2V] [UI] Browser window becomes empty when running import wizard for the first time 1920438 - openshift-tuned panics on turning debugging on/off. 1920445 - e2e-gcp-ovn-upgrade job is actually using openshift-sdn 1920481 - kuryr-cni pods using unreasonable amount of CPU 1920509 - wait for port 6443 to be open in the kube-scheduler container; use ss instead of lsof 1920524 - Topology graph crashes adding Open Data Hub operator 1920526 - catalog operator causing CPU spikes and bad etcd performance 1920551 - Boot Order is not editable for Templates in "openshift" namespace 1920555 - bump cluster-resource-override-admission api dependencies 1920571 - fcp multipath will not recover failed paths automatically 1920619 - Remove default scheduler profile value 1920655 - Console should not show the Create Autoscaler link in cluster settings when the CRD is not present 1920674 - MissingKey errors in bindings namespace 1920684 - Text in language preferences modal is misleading 1920695 - CI is broken because of bad image registry reference in the Makefile 1920756 - update generic-admission-server library to get the system:masters authorization optimization 1920769 - [Upgrade] OCP upgrade from 4.6.13 to 4.7.0-fc.4 for "network-check-target" failed when "defaultNodeSelector" is set 1920771 - i18n: Delete persistent volume claim drop down is not translated 1920806 - [OVN]Nodes lost network connection after reboot on the vSphere UPI 1920912 - Unable to power off BMH from console 1920981 - When OCS was deployed with arbiter mode enable add capacity is increasing the count by "2" 1920984 - [e2e][automation] some menu items names are out dated 1921013 - Gather PersistentVolume definition (if any) used in image registry config 1921023 - Do not enable Flexible Scaling to true for Internal mode clusters(revert to 4.6 behavior) 1921087 - 'start next quick start' link doesn't work and is unintuitive 1921088 - test-cmd is failing on volumes.sh pretty consistently 1921248 - Clarify the kubelet configuration cr description 1921253 - Text filter default placeholder text not internationalized 1921258 - User Preferences: Active perspective and project change in the current window when selected in a different window 1921275 - Panic in authentication-operator in (*deploymentController).updateOperatorDeploymentInfo 1921277 - Fix Warning and Info log statements to handle arguments 1921281 - oc get -o yaml --export returns "error: unknown flag: --export" 1921458 - [SDK] Gracefully handle the `run bundle-upgrade` if the lower version operator doesn't exist 1921556 - [OCS with Vault]: OCS pods didn't comeup after deploying with Vault details from UI 1921572 - For external source (i.e GitHub Source) form view as well shows yaml 1921580 - [e2e][automation]Test VM detail view actions dropdown does not pass 1921610 - Pipeline metrics font size inconsistency 1921644 - [e2e][automation] tests errors with wrong cloudInit new line syntax 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1921655 - [OSP] Incorrect error handling during cloudinfo generation 1921713 - [e2e][automation] fix failing VM migration tests 1921762 - Serving and Eventing breadcrumbs should direct users back to tabbed page view 1921774 - delete application modal errors when a resource cannot be found 1921806 - Explore page APIResourceLinks aren't i18ned 1921823 - CheckBoxControls not internationalized 1921836 - AccessTableRows don't internationalize "User" or "Group" 1921857 - Test flake when hitting router in e2e tests due to one router not being up to date 1921880 - Dynamic plugins are not initialized on console load in production mode 1921911 - Installer PR #4589 is causing leak of IAM role policy bindings 1921921 - "Global Configuration" breadcrumb does not use sentence case 1921949 - Console bug - source code URL broken for gitlab self-hosted repositories 1921954 - Subscription-related constraints in ResolutionFailed events are misleading 1922015 - buttons in modal header are invisible on Safari 1922021 - Nodes terminal page 'Expand' 'Collapse' button not translated 1922050 - [e2e][automation] Improve vm clone tests 1922066 - Cannot create VM from custom template which has extra disk 1922098 - Namespace selection dialog is not closed after select a namespace 1922099 - Updated Readme documentation for QE code review and setup 1922146 - Egress Router CNI doesn't have logging support. 1922267 - Collect specific ADFS error 1922292 - Bump RHCOS boot images for 4.7 1922454 - CRI-O doesn't enable pprof by default 1922473 - reconcile LSO images for 4.8 1922573 - oc returns an error while using -o jsonpath when there is no resource found in the namespace 1922782 - Source registry missing docker:// in yaml 1922907 - Interop UI Tests - step implementation for updating feature files 1922911 - Page crash when click the "Stacked" checkbox after clicking the data series toggle buttons 1922991 - "verify /run filesystem contents do not have unexpected content using a simple Docker Strategy Build" test fails on OKD 1923003 - WebConsole Insights widget showing "Issues pending" when the cluster doesn't report anything 1923098 - [vsphere-problem-detector-operator] Need permission to access replicasets.apps resources 1923102 - [vsphere-problem-detector-operator] pod's version is not correct 1923245 - [Assisted-4.7] [Staging][Minimal-ISO] nodes fails to boot 1923674 - k8s 1.20 vendor dependencies 1923721 - PipelineRun running status icon is not rotating 1923753 - Increase initialDelaySeconds for ovs-daemons container in the ovs-node daemonset for upgrade scenarios 1923774 - Docker builds failing for openshift/cluster-resource-override-admission-operator 1923802 - ci/prow/e2e-aws-olm build failing for openshift/cluster-resource-override-admission-operator 1923874 - Unable to specify values with % in kubeletconfig 1923888 - Fixes error metadata gathering 1923892 - Update arch.md after refactor. 1923894 - "installed" operator status in operatorhub page does not reflect the real status of operator 1923895 - Changelog generation. 1923911 - [e2e][automation] Improve tests for vm details page and list filter 1923945 - PVC Name and Namespace resets when user changes os/flavor/workload 1923951 - EventSources shows `undefined` in project 1923973 - Dynamic plugin demo README does not contain info how to enable the ConsolePlugins 1924046 - Localhost: Refreshing on a Project removes it from nav item urls 1924078 - Topology quick search View all results footer should be sticky. 1924081 - NTO should ship the latest Tuned daemon release 2.15 1924084 - backend tests incorrectly hard-code artifacts dir 1924128 - [sig-builds][Feature:Builds] verify /run filesystem contents do not have unexpected content using a simple Docker Strategy Build 1924135 - Under sufficient load, CRI-O may segfault 1924143 - Code Editor Decorator url is broken for Bitbucket repos 1924188 - Language selector dropdown doesn't always pre-select the language 1924365 - Add extra disk for VM which use boot source PXE 1924383 - Degraded network operator during upgrade to 4.7.z 1924387 - [ja_JP][zh_CN] Incorrect warning message for deleting namespace on Delete Pod dialog box. 1924480 - non cluster admin can not take VM snapshot: An error occurred, cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on 1924583 - Deprectaed templates are listed in the Templates screen 1924870 - pick upstream pr#96901: plumb context with request deadline 1924955 - Images from Private external registry not working in deploy Image 1924961 - k8sutil.TrimDNS1123Label creates invalid values 1924985 - Build egress-router-cni for both RHEL 7 and 8 1925020 - Console demo plugin deployment image shoult not point to dockerhub 1925024 - Remove extra validations on kafka source form view net section 1925039 - [e2e] Fix Test - ID(CNV-5327) Change Custom Flavor while VM is running 1925072 - NTO needs to ship the current latest stalld v1.7.0 1925163 - Missing info about dev catalog in boot source template column 1925200 - Monitoring Alert icon is missing on the workload in Topology view 1925262 - apiserver getting 2 SIGTERM signals which was immediately making it exit code 1 1925319 - bash syntax error in configure-ovs.sh script 1925408 - Remove StatefulSet gatherer and replace it with gathering corresponding config map data 1925516 - Pipeline Metrics Tooltips are overlapping data 1925562 - Add new ArgoCD link from GitOps application environments page 1925596 - Gitops details page image and commit id text overflows past card boundary 1926556 - 'excessive etcd leader changes' test case failing in serial job because prometheus data is wiped by machine set test 1926588 - The tarball of operator-sdk is not ready for ocp4.7 1927456 - 4.7 still points to 4.6 catalog images 1927500 - API server exits non-zero on 2 SIGTERM signals 1929278 - Monitoring workloads using too high a priorityclass 1929645 - Remove openshift:kubevirt-machine-controllers decleration from machine-api 1929920 - Cluster monitoring documentation link is broken - 404 not found 5. References: https://access.redhat.com/security/cve/CVE-2018-10103 https://access.redhat.com/security/cve/CVE-2018-10105 https://access.redhat.com/security/cve/CVE-2018-14461 https://access.redhat.com/security/cve/CVE-2018-14462 https://access.redhat.com/security/cve/CVE-2018-14463 https://access.redhat.com/security/cve/CVE-2018-14464 https://access.redhat.com/security/cve/CVE-2018-14465 https://access.redhat.com/security/cve/CVE-2018-14466 https://access.redhat.com/security/cve/CVE-2018-14467 https://access.redhat.com/security/cve/CVE-2018-14468 https://access.redhat.com/security/cve/CVE-2018-14469 https://access.redhat.com/security/cve/CVE-2018-14470 https://access.redhat.com/security/cve/CVE-2018-14553 https://access.redhat.com/security/cve/CVE-2018-14879 https://access.redhat.com/security/cve/CVE-2018-14880 https://access.redhat.com/security/cve/CVE-2018-14881 https://access.redhat.com/security/cve/CVE-2018-14882 https://access.redhat.com/security/cve/CVE-2018-16227 https://access.redhat.com/security/cve/CVE-2018-16228 https://access.redhat.com/security/cve/CVE-2018-16229 https://access.redhat.com/security/cve/CVE-2018-16230 https://access.redhat.com/security/cve/CVE-2018-16300 https://access.redhat.com/security/cve/CVE-2018-16451 https://access.redhat.com/security/cve/CVE-2018-16452 https://access.redhat.com/security/cve/CVE-2018-20843 https://access.redhat.com/security/cve/CVE-2019-3884 https://access.redhat.com/security/cve/CVE-2019-5018 https://access.redhat.com/security/cve/CVE-2019-6977 https://access.redhat.com/security/cve/CVE-2019-6978 https://access.redhat.com/security/cve/CVE-2019-8625 https://access.redhat.com/security/cve/CVE-2019-8710 https://access.redhat.com/security/cve/CVE-2019-8720 https://access.redhat.com/security/cve/CVE-2019-8743 https://access.redhat.com/security/cve/CVE-2019-8764 https://access.redhat.com/security/cve/CVE-2019-8766 https://access.redhat.com/security/cve/CVE-2019-8769 https://access.redhat.com/security/cve/CVE-2019-8771 https://access.redhat.com/security/cve/CVE-2019-8782 https://access.redhat.com/security/cve/CVE-2019-8783 https://access.redhat.com/security/cve/CVE-2019-8808 https://access.redhat.com/security/cve/CVE-2019-8811 https://access.redhat.com/security/cve/CVE-2019-8812 https://access.redhat.com/security/cve/CVE-2019-8813 https://access.redhat.com/security/cve/CVE-2019-8814 https://access.redhat.com/security/cve/CVE-2019-8815 https://access.redhat.com/security/cve/CVE-2019-8816 https://access.redhat.com/security/cve/CVE-2019-8819 https://access.redhat.com/security/cve/CVE-2019-8820 https://access.redhat.com/security/cve/CVE-2019-8823 https://access.redhat.com/security/cve/CVE-2019-8835 https://access.redhat.com/security/cve/CVE-2019-8844 https://access.redhat.com/security/cve/CVE-2019-8846 https://access.redhat.com/security/cve/CVE-2019-9455 https://access.redhat.com/security/cve/CVE-2019-9458 https://access.redhat.com/security/cve/CVE-2019-11068 https://access.redhat.com/security/cve/CVE-2019-12614 https://access.redhat.com/security/cve/CVE-2019-13050 https://access.redhat.com/security/cve/CVE-2019-13225 https://access.redhat.com/security/cve/CVE-2019-13627 https://access.redhat.com/security/cve/CVE-2019-14889 https://access.redhat.com/security/cve/CVE-2019-15165 https://access.redhat.com/security/cve/CVE-2019-15166 https://access.redhat.com/security/cve/CVE-2019-15903 https://access.redhat.com/security/cve/CVE-2019-15917 https://access.redhat.com/security/cve/CVE-2019-15925 https://access.redhat.com/security/cve/CVE-2019-16167 https://access.redhat.com/security/cve/CVE-2019-16168 https://access.redhat.com/security/cve/CVE-2019-16231 https://access.redhat.com/security/cve/CVE-2019-16233 https://access.redhat.com/security/cve/CVE-2019-16935 https://access.redhat.com/security/cve/CVE-2019-17450 https://access.redhat.com/security/cve/CVE-2019-17546 https://access.redhat.com/security/cve/CVE-2019-18197 https://access.redhat.com/security/cve/CVE-2019-18808 https://access.redhat.com/security/cve/CVE-2019-18809 https://access.redhat.com/security/cve/CVE-2019-19046 https://access.redhat.com/security/cve/CVE-2019-19056 https://access.redhat.com/security/cve/CVE-2019-19062 https://access.redhat.com/security/cve/CVE-2019-19063 https://access.redhat.com/security/cve/CVE-2019-19068 https://access.redhat.com/security/cve/CVE-2019-19072 https://access.redhat.com/security/cve/CVE-2019-19221 https://access.redhat.com/security/cve/CVE-2019-19319 https://access.redhat.com/security/cve/CVE-2019-19332 https://access.redhat.com/security/cve/CVE-2019-19447 https://access.redhat.com/security/cve/CVE-2019-19524 https://access.redhat.com/security/cve/CVE-2019-19533 https://access.redhat.com/security/cve/CVE-2019-19537 https://access.redhat.com/security/cve/CVE-2019-19543 https://access.redhat.com/security/cve/CVE-2019-19602 https://access.redhat.com/security/cve/CVE-2019-19767 https://access.redhat.com/security/cve/CVE-2019-19770 https://access.redhat.com/security/cve/CVE-2019-19906 https://access.redhat.com/security/cve/CVE-2019-19956 https://access.redhat.com/security/cve/CVE-2019-20054 https://access.redhat.com/security/cve/CVE-2019-20218 https://access.redhat.com/security/cve/CVE-2019-20386 https://access.redhat.com/security/cve/CVE-2019-20387 https://access.redhat.com/security/cve/CVE-2019-20388 https://access.redhat.com/security/cve/CVE-2019-20454 https://access.redhat.com/security/cve/CVE-2019-20636 https://access.redhat.com/security/cve/CVE-2019-20807 https://access.redhat.com/security/cve/CVE-2019-20812 https://access.redhat.com/security/cve/CVE-2019-20907 https://access.redhat.com/security/cve/CVE-2019-20916 https://access.redhat.com/security/cve/CVE-2020-0305 https://access.redhat.com/security/cve/CVE-2020-0444 https://access.redhat.com/security/cve/CVE-2020-1716 https://access.redhat.com/security/cve/CVE-2020-1730 https://access.redhat.com/security/cve/CVE-2020-1751 https://access.redhat.com/security/cve/CVE-2020-1752 https://access.redhat.com/security/cve/CVE-2020-1971 https://access.redhat.com/security/cve/CVE-2020-2574 https://access.redhat.com/security/cve/CVE-2020-2752 https://access.redhat.com/security/cve/CVE-2020-2922 https://access.redhat.com/security/cve/CVE-2020-3862 https://access.redhat.com/security/cve/CVE-2020-3864 https://access.redhat.com/security/cve/CVE-2020-3865 https://access.redhat.com/security/cve/CVE-2020-3867 https://access.redhat.com/security/cve/CVE-2020-3868 https://access.redhat.com/security/cve/CVE-2020-3885 https://access.redhat.com/security/cve/CVE-2020-3894 https://access.redhat.com/security/cve/CVE-2020-3895 https://access.redhat.com/security/cve/CVE-2020-3897 https://access.redhat.com/security/cve/CVE-2020-3898 https://access.redhat.com/security/cve/CVE-2020-3899 https://access.redhat.com/security/cve/CVE-2020-3900 https://access.redhat.com/security/cve/CVE-2020-3901 https://access.redhat.com/security/cve/CVE-2020-3902 https://access.redhat.com/security/cve/CVE-2020-6405 https://access.redhat.com/security/cve/CVE-2020-7595 https://access.redhat.com/security/cve/CVE-2020-7774 https://access.redhat.com/security/cve/CVE-2020-8177 https://access.redhat.com/security/cve/CVE-2020-8492 https://access.redhat.com/security/cve/CVE-2020-8563 https://access.redhat.com/security/cve/CVE-2020-8566 https://access.redhat.com/security/cve/CVE-2020-8619 https://access.redhat.com/security/cve/CVE-2020-8622 https://access.redhat.com/security/cve/CVE-2020-8623 https://access.redhat.com/security/cve/CVE-2020-8624 https://access.redhat.com/security/cve/CVE-2020-8647 https://access.redhat.com/security/cve/CVE-2020-8648 https://access.redhat.com/security/cve/CVE-2020-8649 https://access.redhat.com/security/cve/CVE-2020-9327 https://access.redhat.com/security/cve/CVE-2020-9802 https://access.redhat.com/security/cve/CVE-2020-9803 https://access.redhat.com/security/cve/CVE-2020-9805 https://access.redhat.com/security/cve/CVE-2020-9806 https://access.redhat.com/security/cve/CVE-2020-9807 https://access.redhat.com/security/cve/CVE-2020-9843 https://access.redhat.com/security/cve/CVE-2020-9850 https://access.redhat.com/security/cve/CVE-2020-9862 https://access.redhat.com/security/cve/CVE-2020-9893 https://access.redhat.com/security/cve/CVE-2020-9894 https://access.redhat.com/security/cve/CVE-2020-9895 https://access.redhat.com/security/cve/CVE-2020-9915 https://access.redhat.com/security/cve/CVE-2020-9925 https://access.redhat.com/security/cve/CVE-2020-10018 https://access.redhat.com/security/cve/CVE-2020-10029 https://access.redhat.com/security/cve/CVE-2020-10732 https://access.redhat.com/security/cve/CVE-2020-10749 https://access.redhat.com/security/cve/CVE-2020-10751 https://access.redhat.com/security/cve/CVE-2020-10763 https://access.redhat.com/security/cve/CVE-2020-10773 https://access.redhat.com/security/cve/CVE-2020-10774 https://access.redhat.com/security/cve/CVE-2020-10942 https://access.redhat.com/security/cve/CVE-2020-11565 https://access.redhat.com/security/cve/CVE-2020-11668 https://access.redhat.com/security/cve/CVE-2020-11793 https://access.redhat.com/security/cve/CVE-2020-12465 https://access.redhat.com/security/cve/CVE-2020-12655 https://access.redhat.com/security/cve/CVE-2020-12659 https://access.redhat.com/security/cve/CVE-2020-12770 https://access.redhat.com/security/cve/CVE-2020-12826 https://access.redhat.com/security/cve/CVE-2020-13249 https://access.redhat.com/security/cve/CVE-2020-13630 https://access.redhat.com/security/cve/CVE-2020-13631 https://access.redhat.com/security/cve/CVE-2020-13632 https://access.redhat.com/security/cve/CVE-2020-14019 https://access.redhat.com/security/cve/CVE-2020-14040 https://access.redhat.com/security/cve/CVE-2020-14381 https://access.redhat.com/security/cve/CVE-2020-14382 https://access.redhat.com/security/cve/CVE-2020-14391 https://access.redhat.com/security/cve/CVE-2020-14422 https://access.redhat.com/security/cve/CVE-2020-15157 https://access.redhat.com/security/cve/CVE-2020-15503 https://access.redhat.com/security/cve/CVE-2020-15862 https://access.redhat.com/security/cve/CVE-2020-15999 https://access.redhat.com/security/cve/CVE-2020-16166 https://access.redhat.com/security/cve/CVE-2020-24490 https://access.redhat.com/security/cve/CVE-2020-24659 https://access.redhat.com/security/cve/CVE-2020-25211 https://access.redhat.com/security/cve/CVE-2020-25641 https://access.redhat.com/security/cve/CVE-2020-25658 https://access.redhat.com/security/cve/CVE-2020-25661 https://access.redhat.com/security/cve/CVE-2020-25662 https://access.redhat.com/security/cve/CVE-2020-25681 https://access.redhat.com/security/cve/CVE-2020-25682 https://access.redhat.com/security/cve/CVE-2020-25683 https://access.redhat.com/security/cve/CVE-2020-25684 https://access.redhat.com/security/cve/CVE-2020-25685 https://access.redhat.com/security/cve/CVE-2020-25686 https://access.redhat.com/security/cve/CVE-2020-25687 https://access.redhat.com/security/cve/CVE-2020-25694 https://access.redhat.com/security/cve/CVE-2020-25696 https://access.redhat.com/security/cve/CVE-2020-26160 https://access.redhat.com/security/cve/CVE-2020-27813 https://access.redhat.com/security/cve/CVE-2020-27846 https://access.redhat.com/security/cve/CVE-2020-28362 https://access.redhat.com/security/cve/CVE-2020-29652 https://access.redhat.com/security/cve/CVE-2021-2007 https://access.redhat.com/security/cve/CVE-2021-3121 https://access.redhat.com/security/updates/classification/#moderate 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYDZ+bNzjgjWX9erEAQghXg//awGwjQxJ5LEZWBTdgyuCa8mHEi2rop5T lmebolBMNRSbo9gI8LMSHlvIBBFiV4CuFvfxE0AVLNentfzOTH11TxNWe1KQYt4H EmcGHPeHWTxKDkvAHtVcWXy9WN3y5d4lHSaq6AR1nHRPcj/k1upyx22kotpnYxN8 4d49PjFTO3YbmdYpNLVJ9nY8izqUpTfM7YSyj6ANZSlaYc5Z215o6TPo6e3wobf4 mWu+VfDS0v+/AbGhQhO2sQ7r2ysJ85MB7c62cxck4a51KiA0NKd4xr0TAA4KHnNL ISHFzi5QYXu+meE+9wYRo1ZjJ5fbPj41+1TJbR6O4CbP0xQiFpcUSipNju3rGSGy Ae5G/QGT8J7HzOjlKVvY3SFu/odENR6c+xUIr7IB/FBlu7DdPF2XxMZDQD4DKHEk 4aiDbuiEL3Yf78Ic1RqPPmrj9plIwprVFQz+k3JaQXKD+1dBxO6tk+nVu2/5xNbM uR03hrthYYIpdXLSWU4lzq8j3kQ9wZ4j/m2o6/K6eHNl9PyqAG5jfQv9bVf8E3oG krzc/JLvOfHNEQ/oJs/v/DFDmnAxshCCtGWlpLJ5J0pcD3EePsrPNs1QtQurVrMv RjfBCWKOij53+BinrMKHdsHxfur7GCFCIQCVaLIv6GUjX2NWI0voIVA8JkrFNNp6 McvuEaxco7U= =sw8i -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================= Ubuntu Security Notice USN-4252-2 January 27, 2020 tcpdump vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 ESM - Ubuntu 12.04 ESM Summary: Several security issues were fixed in tcpdump. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Multiple security issues were discovered in tcpdump. A remote attacker could use these issues to cause tcpdump to crash, resulting in a denial of service, or possibly execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM: tcpdump 4.9.3-0ubuntu0.14.04.1+esm1 Ubuntu 12.04 ESM: tcpdump 4.9.3-0ubuntu0.12.04.1 This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes. Bugs fixed (https://bugzilla.redhat.com/): 1732329 - Virtual Machine is missing documentation of its properties in yaml editor 1783192 - Guest kernel panic when start RHEL6.10 guest with q35 machine type and virtio disk in cnv 1791753 - [RFE] [SSP] Template validator should check validations in template's parent template 1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1848954 - KMP missing CA extensions in cabundle of mutatingwebhookconfiguration 1848956 - KMP requires downtime for CA stabilization during certificate rotation 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1853911 - VM with dot in network name fails to start with unclear message 1854098 - NodeNetworkState on workers doesn't have "status" key due to nmstate-handler pod failure to run "nmstatectl show" 1856347 - SR-IOV : Missing network name for sriov during vm setup 1856953 - CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS 1859235 - Common Templates - after upgrade there are 2 common templates per each os-workload-flavor combination 1860714 - No API information from `oc explain` 1860992 - CNV upgrade - users are not removed from privileged SecurityContextConstraints 1864577 - [v2v][RHV to CNV non migratable source VM fails to import to Ceph-rbd / File system due to overhead required for Filesystem 1866593 - CDI is not handling vm disk clone 1867099 - CVE-2020-16845 golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs 1868817 - Container-native Virtualization 2.6.0 Images 1873771 - Improve the VMCreationFailed error message caused by VM low memory 1874812 - SR-IOV: Guest Agent expose link-local ipv6 address for sometime and then remove it 1878499 - DV import doesn't recover from scratch space PVC deletion 1879108 - Inconsistent naming of "oc virt" command in help text 1881874 - openshift-cnv namespace is getting stuck if the user tries to delete it while CNV is running 1883232 - Webscale: kubevirt/CNV datavolume importer pod inability to disable sidecar injection if namespace has sidecar injection enabled but VM Template does NOT 1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability 1885153 - [v2v][RHV to CNv VM import] Wrong Network mapping do not show a relevant error message 1885418 - [openshift-cnv] issues with memory overhead calculation when limits are used 1887398 - [openshift-cnv][CNV] nodes need to exist and be labeled first, *before* the NodeNetworkConfigurationPolicy is applied 1889295 - [v2v][VMware to CNV VM import API] diskMappings: volumeMode Block is not passed on to PVC request. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: The tcpdump packages contain the tcpdump utility for monitoring network traffic. The tcpdump utility can capture and display the packet headers on a particular network interface or on all interfaces. The following packages have been upgraded to a later upstream version: tcpdump (4.9.3). Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux AppStream (v. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7
var-201410-1319 Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function. Python is prone to an integer-overflow vulnerability because it fails to properly bounds check user-supplied input before copying it into an insufficiently sized buffer. Attackers can exploit this issue to obtain potentially sensitive information or cause a denial-of-service condition. Versions prior to Python 2.7.8 are vulnerable. The language is scalable, supports modules and packages, and supports multiple platforms. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-lang/python < 3.3.5-r1 *>= 2.7.9-r1 >= 3.3.5-r1 Description =========== Multiple vulnerabilities have been discovered in Python. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Python 3.3 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/python-3.3.5-r1" All Python 2.7 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/python-2.7.9-r1" References ========== [ 1 ] CVE-2013-1752 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1752 [ 2 ] CVE-2013-7338 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7338 [ 3 ] CVE-2014-1912 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1912 [ 4 ] CVE-2014-2667 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2667 [ 5 ] CVE-2014-4616 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4616 [ 6 ] CVE-2014-7185 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7185 [ 7 ] CVE-2014-9365 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9365 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201503-10 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. ============================================================================ Ubuntu Security Notice USN-2653-1 June 25, 2015 python2.7, python3.2, python3.4 vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: Several security issues were fixed in Python. A malicious ftp, http, imap, nntp, pop or smtp server could use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-7185) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.10: python2.7 2.7.8-10ubuntu1.1 python2.7-minimal 2.7.8-10ubuntu1.1 python3.4 3.4.2-1ubuntu0.1 python3.4-minimal 3.4.2-1ubuntu0.1 Ubuntu 14.04 LTS: python2.7 2.7.6-8ubuntu0.2 python2.7-minimal 2.7.6-8ubuntu0.2 python3.4 3.4.0-2ubuntu1.1 python3.4-minimal 3.4.0-2ubuntu1.1 Ubuntu 12.04 LTS: python2.7 2.7.3-0ubuntu3.8 python2.7-minimal 2.7.3-0ubuntu3.8 python3.2 3.2.3-0ubuntu3.7 python3.2-minimal 3.2.3-0ubuntu3.7 In general, a standard system update will make all the necessary changes. 7) - noarch, x86_64 3. The python27 collection provide a stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and PostgreSQL. The python27-python packages have been upgraded to upstream version 2.7.8, which provides numerous bug fixes over the previous version. (BZ#1167912) The following security issues were fixed in the python27-python component: It was discovered that the socket.recvfrom_into() function failed to check the size of the supplied buffer. (CVE-2014-4616) In addition, this update adds the following enhancement: * The python27 Software Collection now includes the python-wheel and python-pip modules. All running python27 instances must be restarted for this update to take effect. 6) - i386, x86_64 3. Space precludes documenting all of these changes in this advisory. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: python security, bug fix, and enhancement update Advisory ID: RHSA-2015:2101-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-2101.html Issue date: 2015-11-19 CVE Names: CVE-2013-1752 CVE-2013-1753 CVE-2014-4616 CVE-2014-4650 CVE-2014-7185 ===================================================================== 1. Summary: Updated python packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme, or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC). It was discovered that the Python xmlrpclib module did not restrict the size of gzip-compressed HTTP responses. A malicious XMLRPC server could cause an XMLRPC client using xmlrpclib to consume an excessive amount of memory. (CVE-2013-1753) It was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict the sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory. (CVE-2013-1752) It was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose the source code of the scripts in the cgi-bin directory. An attacker able to control these arguments could use this flaw to disclose portions of the application memory or cause it to crash. (CVE-2014-7185) A flaw was found in the way the json module handled negative index arguments passed to certain functions (such as raw_decode()). An attacker able to control the index value passed to one of the affected functions could possibly use this flaw to disclose portions of the application memory. (CVE-2014-4616) The Python standard library HTTP client modules (such as httplib or urllib) did not perform verification of TLS/SSL certificates when connecting to HTTPS servers. A man-in-the-middle attacker could use this flaw to hijack connections and eavesdrop or modify transferred data. (CVE-2014-9365) Note: The Python standard library was updated to make it possible to enable certificate verification by default. However, for backwards compatibility, verification remains disabled by default. Future updates may change this default. Refer to the Knowledgebase article 2039753 linked to in the References section for further details about this change. (BZ#1219108) This update also fixes the following bugs: * Subprocesses used with the Eventlet library or regular threads previously tried to close epoll file descriptors twice, which led to an "Invalid argument" error. Subprocesses have been fixed to close the file descriptors only once. (BZ#1103452) * When importing the readline module from a Python script, Python no longer produces erroneous random characters on stdout. (BZ#1189301) * The cProfile utility has been fixed to print all values that the "-s" option supports when this option is used without a correct value. (BZ#1237107) * The load_cert_chain() function now accepts "None" as a keyfile argument. (BZ#1250611) In addition, this update adds the following enhancements: * Security enhancements as described in PEP 466 have been backported to the Python standard library, for example, new features of the ssl module: Server Name Indication (SNI) support, support for new TLSv1.x protocols, new hash algorithms in the hashlib module, and many more. (BZ#1111461) * Support for the ssl.PROTOCOL_TLSv1_2 protocol has been added to the ssl library. (BZ#1192015) * The ssl.SSLSocket.version() method is now available to access information about the version of the SSL protocol used in a connection. (BZ#1259421) All python users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1046170 - CVE-2013-1753 python: XMLRPC library unrestricted decompression of HTTP responses using gzip enconding 1046174 - CVE-2013-1752 python: multiple unbound readline() DoS flaws in python stdlib 1058482 - tmpwatch removes python multiprocessing sockets 1112285 - CVE-2014-4616 python: missing boundary check in JSON module 1113527 - CVE-2014-4650 python: CGIHTTPServer module does not properly handle URL-encoded path separators in URLs 1146026 - CVE-2014-7185 python: buffer() integer overflow leading to out of bounds read 1173041 - CVE-2014-9365 python: failure to validate certificates in the HTTP client with TLS (PEP 476) 1177613 - setup.py bdist_rpm NameError: global name 'get_python_version' is not defined 1181624 - multiprocessing BaseManager serve_client() does not check EINTR on recv 1237107 - cProfile main() traceback if options syntax is invalid 1250611 - SSLContext.load_cert_chain() keyfile argument can't be set to None 1259421 - Backport SSLSocket.version() to python 2.7.5 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: python-2.7.5-34.el7.src.rpm x86_64: python-2.7.5-34.el7.x86_64.rpm python-debuginfo-2.7.5-34.el7.i686.rpm python-debuginfo-2.7.5-34.el7.x86_64.rpm python-libs-2.7.5-34.el7.i686.rpm python-libs-2.7.5-34.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: python-debug-2.7.5-34.el7.x86_64.rpm python-debuginfo-2.7.5-34.el7.x86_64.rpm python-devel-2.7.5-34.el7.x86_64.rpm python-test-2.7.5-34.el7.x86_64.rpm python-tools-2.7.5-34.el7.x86_64.rpm tkinter-2.7.5-34.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: python-2.7.5-34.el7.src.rpm x86_64: python-2.7.5-34.el7.x86_64.rpm python-debuginfo-2.7.5-34.el7.i686.rpm python-debuginfo-2.7.5-34.el7.x86_64.rpm python-devel-2.7.5-34.el7.x86_64.rpm python-libs-2.7.5-34.el7.i686.rpm python-libs-2.7.5-34.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: python-debug-2.7.5-34.el7.x86_64.rpm python-debuginfo-2.7.5-34.el7.x86_64.rpm python-test-2.7.5-34.el7.x86_64.rpm python-tools-2.7.5-34.el7.x86_64.rpm tkinter-2.7.5-34.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: python-2.7.5-34.el7.src.rpm aarch64: python-2.7.5-34.el7.aarch64.rpm python-debuginfo-2.7.5-34.el7.aarch64.rpm python-devel-2.7.5-34.el7.aarch64.rpm python-libs-2.7.5-34.el7.aarch64.rpm ppc64: python-2.7.5-34.el7.ppc64.rpm python-debuginfo-2.7.5-34.el7.ppc.rpm python-debuginfo-2.7.5-34.el7.ppc64.rpm python-devel-2.7.5-34.el7.ppc64.rpm python-libs-2.7.5-34.el7.ppc.rpm python-libs-2.7.5-34.el7.ppc64.rpm ppc64le: python-2.7.5-34.el7.ppc64le.rpm python-debuginfo-2.7.5-34.el7.ppc64le.rpm python-devel-2.7.5-34.el7.ppc64le.rpm python-libs-2.7.5-34.el7.ppc64le.rpm s390x: python-2.7.5-34.el7.s390x.rpm python-debuginfo-2.7.5-34.el7.s390.rpm python-debuginfo-2.7.5-34.el7.s390x.rpm python-devel-2.7.5-34.el7.s390x.rpm python-libs-2.7.5-34.el7.s390.rpm python-libs-2.7.5-34.el7.s390x.rpm x86_64: python-2.7.5-34.el7.x86_64.rpm python-debuginfo-2.7.5-34.el7.i686.rpm python-debuginfo-2.7.5-34.el7.x86_64.rpm python-devel-2.7.5-34.el7.x86_64.rpm python-libs-2.7.5-34.el7.i686.rpm python-libs-2.7.5-34.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): aarch64: python-debug-2.7.5-34.el7.aarch64.rpm python-debuginfo-2.7.5-34.el7.aarch64.rpm python-test-2.7.5-34.el7.aarch64.rpm python-tools-2.7.5-34.el7.aarch64.rpm tkinter-2.7.5-34.el7.aarch64.rpm ppc64: python-debug-2.7.5-34.el7.ppc64.rpm python-debuginfo-2.7.5-34.el7.ppc64.rpm python-test-2.7.5-34.el7.ppc64.rpm python-tools-2.7.5-34.el7.ppc64.rpm tkinter-2.7.5-34.el7.ppc64.rpm ppc64le: python-debug-2.7.5-34.el7.ppc64le.rpm python-debuginfo-2.7.5-34.el7.ppc64le.rpm python-test-2.7.5-34.el7.ppc64le.rpm python-tools-2.7.5-34.el7.ppc64le.rpm tkinter-2.7.5-34.el7.ppc64le.rpm s390x: python-debug-2.7.5-34.el7.s390x.rpm python-debuginfo-2.7.5-34.el7.s390x.rpm python-test-2.7.5-34.el7.s390x.rpm python-tools-2.7.5-34.el7.s390x.rpm tkinter-2.7.5-34.el7.s390x.rpm x86_64: python-debug-2.7.5-34.el7.x86_64.rpm python-debuginfo-2.7.5-34.el7.x86_64.rpm python-test-2.7.5-34.el7.x86_64.rpm python-tools-2.7.5-34.el7.x86_64.rpm tkinter-2.7.5-34.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: python-2.7.5-34.el7.src.rpm x86_64: python-2.7.5-34.el7.x86_64.rpm python-debuginfo-2.7.5-34.el7.i686.rpm python-debuginfo-2.7.5-34.el7.x86_64.rpm python-devel-2.7.5-34.el7.x86_64.rpm python-libs-2.7.5-34.el7.i686.rpm python-libs-2.7.5-34.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: python-debug-2.7.5-34.el7.x86_64.rpm python-debuginfo-2.7.5-34.el7.x86_64.rpm python-test-2.7.5-34.el7.x86_64.rpm python-tools-2.7.5-34.el7.x86_64.rpm tkinter-2.7.5-34.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2013-1752 https://access.redhat.com/security/cve/CVE-2013-1753 https://access.redhat.com/security/cve/CVE-2014-4616 https://access.redhat.com/security/cve/CVE-2014-4650 https://access.redhat.com/security/cve/CVE-2014-7185 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/articles/2039753 https://www.python.org/dev/peps/pep-0466/ 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFWTj/SXlSAg2UNWIIRAuXcAKCCJdw1P4H3y4fnhu6lXW2AcADYJgCfRO+v qMX3qLAXBobeDiPX4eN9Pxc= =JQMw -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFURgY6mqjQ0CJFipgRAvwgAKDXcnHrFfvCfHLE8+K8hm5c36UF2QCg2paU ZKHEaBTvKIYVDsnVIp/qdrA= =zMF9 -----END PGP SIGNATURE-----
var-200906-0598 Integer underflow in the e1000_clean_rx_irq function in drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel before 2.6.30-rc8, the e1000e driver in the Linux kernel, and Intel Wired Ethernet (aka e1000) before 7.5.5 allows remote attackers to cause a denial of service (panic) via a crafted frame size. (DoS) There is a vulnerability that becomes a condition.Denial of service due to crafted frame size (DoS) There is a possibility of being put into a state. The NFSv4 implementation is one of the distributed file system protocols. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ----------------------------------------------------------------------- VMware Security Advisory Advisory ID: VMSA-2009-0016 Synopsis: VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components Issue date: 2009-11-20 Updated on: 2009-11-20 (initial release of advisory) CVE numbers: --- JRE --- CVE-2009-1093 CVE-2009-1094 CVE-2009-1095 CVE-2009-1096 CVE-2009-1097 CVE-2009-1098 CVE-2009-1099 CVE-2009-1100 CVE-2009-1101 CVE-2009-1102 CVE-2009-1103 CVE-2009-1104 CVE-2009-1105 CVE-2009-1106 CVE-2009-1107 CVE-2009-2625 CVE-2009-2670 CVE-2009-2671 CVE-2009-2672 CVE-2009-2673 CVE-2009-2675 CVE-2009-2676 CVE-2009-2716 CVE-2009-2718 CVE-2009-2719 CVE-2009-2720 CVE-2009-2721 CVE-2009-2722 CVE-2009-2723 CVE-2009-2724 --- Tomcat --- CVE-2008-5515 CVE-2009-0033 CVE-2009-0580 CVE-2009-0781 CVE-2009-0783 CVE-2008-1232 CVE-2008-1947 CVE-2008-2370 CVE-2007-5333 CVE-2007-5342 CVE-2007-5461 CVE-2007-6286 CVE-2008-0002 --- ntp --- CVE-2009-1252 CVE-2009-0159 --- kernel --- CVE-2008-3528 CVE-2008-5700 CVE-2009-0028 CVE-2009-0269 CVE-2009-0322 CVE-2009-0675 CVE-2009-0676 CVE-2009-0778 CVE-2008-4307 CVE-2009-0834 CVE-2009-1337 CVE-2009-0787 CVE-2009-1336 CVE-2009-1439 CVE-2009-1633 CVE-2009-1072 CVE-2009-1630 CVE-2009-1192 CVE-2007-5966 CVE-2009-1385 CVE-2009-1388 CVE-2009-1389 CVE-2009-1895 CVE-2009-2406 CVE-2009-2407 CVE-2009-2692 CVE-2009-2698 CVE-2009-0745 CVE-2009-0746 CVE-2009-0747 CVE-2009-0748 CVE-2009-2847 CVE-2009-2848 --- python --- CVE-2007-2052 CVE-2007-4965 CVE-2008-1721 CVE-2008-1887 CVE-2008-2315 CVE-2008-3142 CVE-2008-3143 CVE-2008-3144 CVE-2008-4864 CVE-2008-5031 --- bind --- CVE-2009-0696 --- libxml and libxml2 --- CVE-2009-2414 CVE-2009-2416 --- curl -- CVE-2009-2417 --- gnutil --- CVE-2007-2052 - ----------------------------------------------------------------------- 1. Summary Updated Java JRE packages and Tomcat packages address several security issues. Updates for the ESX Service Console and vMA include kernel, ntp, Python, bind libxml, libxml2, curl and gnutil packages. ntp is also updated for ESXi userworlds. 2. Relevant releases vCenter Server 4.0 before Update 1 ESXi 4.0 without patch ESXi400-200911201-UG ESX 4.0 without patches ESX400-200911201-UG, ESX400-200911223-UG, ESX400-200911232-SG, ESX400-200911233-SG, ESX400-200911234-SG, ESX400-200911235-SG, ESX400-200911237-SG, ESX400-200911238-SG vMA 4.0 before patch 02 3. Problem Description a. JRE Security Update JRE update to version 1.5.0_20, which addresses multiple security issues that existed in earlier releases of JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676, CVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720, CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter 4.0 Windows Update 1 VirtualCenter 2.5 Windows affected, patch pending VirtualCenter 2.0.2 Windows affected, patch pending Workstation any any not affected Player any any not affected Server 2.0 any affected, patch pending Server 1.0 any not affected ACE any any not affected Fusion any any not affected ESXi any ESXi not affected ESX 4.0 ESX ESX400-200911223-UG ESX 3.5 ESX affected, patch pending ESX 3.0.3 ESX affected, patch pending ESX 2.5.5 ESX not affected vMA 4.0 RHEL5 Patch 2 * * vMA JRE is updated to version JRE 1.5.0_21 Notes: These vulnerabilities can be exploited remotely only if the attacker has access to the Service Console network. Security best practices provided by VMware recommend that the Service Console be isolated from the VM network. Please see http://www.vmware.com/resources/techresources/726 for more information on VMware security best practices. The currently installed version of JRE depends on your patch deployment history. b. Update Apache Tomcat version to 6.0.20 Update for VirtualCenter and ESX patch update the Tomcat package to version 6.0.20 which addresses multiple security issues that existed in the previous version of Apache Tomcat. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.20: CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.18: CVE-2008-1232, CVE-2008-1947, CVE-2008-2370. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.16: CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286, CVE-2008-0002. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ======== ======== ======= ======================= vCenter 4.0 Windows Update 1 VirtualCenter 2.5 Windows affected, patch pending VirtualCenter 2.0.2 Windows affected, patch pending Workstation any any not affected Player any any not affected ACE any Windows not affected Server 2.x any affected, patch pending Server 1.x any not affected Fusion any Mac OS/X not affected ESXi any ESXi not affected ESX 4.0 ESX ESX400-200911223-UG ESX 3.5 ESX affected, patch pending ESX 3.0.3 ESX affected, patch pending ESX 2.5.5 ESX not affected vMA 4.0 RHEL5 not affected Notes: These vulnerabilities can be exploited remotely only if the attacker has access to the Service Console network. Security best practices provided by VMware recommend that the Service Console be isolated from the VM network. Please see http://www.vmware.com/resources/techresources/726 for more information on VMware security best practices. The currently installed version of Tomcat depends on your patch deployment history. c. Third party library update for ntp. The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source. ESXi 3.5 and ESXi 4.0 have a ntp client that is affected by the following security issue. Note that the same security issue is present in the ESX Service Console as described in section d. of this advisory. A buffer overflow flaw was discovered in the ntpd daemon's NTPv4 authentication code. If ntpd was configured to use public key cryptography for NTP packet authentication, a remote attacker could use this flaw to send a specially-crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the "ntp" user. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-1252 to this issue. The NTP security issue identified by CVE-2009-0159 is not relevant for ESXi 3.5 and ESXi 4.0. The following table lists what action remediates the vulnerability in this component (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not affected hosted * any any not affected ESXi 4.0 ESXi ESXi400-200911201-UG ESXi 3.5 ESXi affected, patch pending ESX 4.0 ESX not affected ESX 3.5 ESX not affected ESX 3.0.3 ESX not affected ESX 2.5.5 ESX not affected vMA 4.0 RHEL5 not affected * hosted products are VMware Workstation, Player, ACE, Server, Fusion. d. Service Console update for ntp Service Console package ntp updated to version ntp-4.2.2pl-9.el5_3.2 The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source. The Service Console present in ESX is affected by the following security issues. A buffer overflow flaw was discovered in the ntpd daemon's NTPv4 authentication code. If ntpd was configured to use public key cryptography for NTP packet authentication, a remote attacker could use this flaw to send a specially-crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the "ntp" user. NTP authentication is not enabled by default on the Service Console. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-1252 to this issue. A buffer overflow flaw was found in the ntpq diagnostic command. A malicious, remote server could send a specially-crafted reply to an ntpq request that could crash ntpq or, potentially, execute arbitrary code with the privileges of the user running the ntpq command. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-0159 to this issue. The following table lists what action remediates the vulnerability in the Service Console (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.0 ESX ESX400-200911238-SG ESX 3.5 ESX affected, patch pending ** ESX 3.0.3 ESX affected, patch pending ** ESX 2.5.5 ESX affected, patch pending ** vMA 4.0 RHEL5 Patch 2 * hosted products are VMware Workstation, Player, ACE, Server, Fusion. ** The service consoles of ESX 2.5.5, ESX 3.0.3 and ESX 3.5 are not affected by CVE-2009-1252. The security issue identified by CVE-2009-0159 has a low impact on the service console of ESX 2.5.5, ESX 3.0.3 and ESX 3.5. e. Updated Service Console package kernel Updated Service Console package kernel addresses the security issues below. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-3528, CVE-2008-5700, CVE-2009-0028, CVE-2009-0269, CVE-2009-0322, CVE-2009-0675, CVE-2009-0676, CVE-2009-0778 to the security issues fixed in kernel 2.6.18-128.1.6. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-4307, CVE-2009-0834, CVE-2009-1337, CVE-2009-0787, CVE-2009-1336 to the security issues fixed in kernel 2.6.18-128.1.10. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-1439, CVE-2009-1633, CVE-2009-1072, CVE-2009-1630, CVE-2009-1192 to the security issues fixed in kernel 2.6.18-128.1.14. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-5966, CVE-2009-1385, CVE-2009-1388, CVE-2009-1389, CVE-2009-1895, CVE-2009-2406, CVE-2009-2407 to the security issues fixed in kernel 2.6.18-128.4.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-2692, CVE-2009-2698 to the security issues fixed in kernel 2.6.18-128.7.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-0745, CVE-2009-0746, CVE-2009-0747, CVE-2009-0748, CVE-2009-2847, CVE-2009-2848 to the security issues fixed in kernel 2.6.18-164. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not applicable hosted * any any not applicable ESXi any ESXi not applicable ESX 4.0 ESX ESX400-200911201-UG ESX 3.5 ESX not applicable ESX 3.0.3 ESX not applicable ESX 2.5.5 ESX not applicable vMA 4.0 RHEL5 Patch 2 ** * hosted products are VMware Workstation, Player, ACE, Server, Fusion. ** vMA is updated to kernel version 2.6.18-164. f. Updated Service Console package python Service Console package Python update to version 2.4.3-24.el5. When the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter's privileges. Multiple buffer and integer overflow flaws were found in the Python Unicode string processing and in the Python Unicode and string object implementations. An attacker could use these flaws to cause a denial of service. Multiple integer overflow flaws were found in the Python imageop module. If a Python application used the imageop module to process untrusted images, it could cause the application to disclose sensitive information, crash or, potentially, execute arbitrary code with the Python interpreter's privileges. Multiple integer underflow and overflow flaws were found in the Python snprintf() wrapper implementation. An attacker could use these flaws to cause a denial of service (memory corruption). Multiple integer overflow flaws were found in various Python modules. An attacker could use these flaws to cause a denial of service. An integer signedness error, leading to a buffer overflow, was found in the Python zlib extension module. If a Python application requested the negative byte count be flushed for a decompression stream, it could cause the application to crash or, potentially, execute arbitrary code with the Python interpreter's privileges. A flaw was discovered in the strxfrm() function of the Python locale module. Strings generated by this function were not properly NULL-terminated, which could possibly cause disclosure of data stored in the memory of a Python application using this function. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-2052 CVE-2007-4965 CVE-2008-1721 CVE-2008-1887 CVE-2008-2315 CVE-2008-3142 CVE-2008-3143 CVE-2008-3144 CVE-2008-4864 CVE-2008-5031 to these issues. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not applicable hosted * any any not applicable ESXi any ESXi not applicable ESX 4.0 ESX ESX400-200911235-SG ESX 3.5 ESX affected, patch pending ESX 3.0.3 ESX affected, patch pending ESX 2.5.5 ESX affected, patch pending vMA 4.0 RHEL5 Patch 2 * hosted products are VMware Workstation, Player, ACE, Server, Fusion. g. Updated Service Console package bind Service Console package bind updated to version 9.3.6-4.P1.el5 The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handles dynamic update message packets containing the "ANY" record type. A remote attacker could use this flaw to send a specially-crafted dynamic update packet that could cause named to exit with an assertion failure. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-0696 to this issue. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not applicable hosted * any any not applicable ESXi any ESXi not applicable ESX 4.0 ESX ESX400-200911237-SG ESX 3.5 ESX affected, patch pending ESX 3.0.3 ESX affected, patch pending ESX 2.5.5 ESX affected, patch pending vMA 4.0 RHEL5 Patch 2 * hosted products are VMware Workstation, Player, ACE, Server, Fusion. h. Updated Service Console package libxml2 Service Console package libxml2 updated to version 2.6.26-2.1.2.8. libxml is a library for parsing and manipulating XML files. A Document Type Definition (DTD) defines the legal syntax (and also which elements can be used) for certain types of files, such as XML files. A stack overflow flaw was found in the way libxml processes the root XML document element definition in a DTD. A remote attacker could provide a specially-crafted XML file, which once opened by a local, unsuspecting user, would lead to denial of service. Multiple use-after-free flaws were found in the way libxml parses the Notation and Enumeration attribute types. A remote attacker could provide a specially-crafted XML file, which once opened by a local, unsuspecting user, would lead to denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-2414 and CVE-2009-2416 to these issues. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not applicable hosted * any any not applicable ESXi any ESXi not applicable ESX 4.0 ESX ESX400-200911234-SG ESX 3.5 ESX affected, patch pending ESX 3.0.3 ESX affected, patch pending ESX 2.5.5 ESX affected, patch pending vMA 4.0 RHEL5 Patch 2 * hosted products are VMware Workstation, Player, ACE, Server, Fusion. i. Updated Service Console package curl Service Console package curl updated to version 7.15.5-2.1.el5_3.5 A cURL is affected by the previously published "null prefix attack", caused by incorrect handling of NULL characters in X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a trusted Certificate Authority, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse cURL into accepting it by mistake. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-2417 to this issue The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not applicable hosted * any any not applicable ESXi any ESXi not applicable ESX 4.0 ESX ESX400-200911232-SG ESX 3.5 ESX not affected ESX 3.0.3 ESX not affected ESX 2.5.5 ESX not affected vMA 4.0 RHEL5 Patch 2 * hosted products are VMware Workstation, Player, ACE, Server, Fusion. j. Updated Service Console package gnutls Service Console package gnutil updated to version 1.4.1-3.el5_3.5 A flaw was discovered in the way GnuTLS handles NULL characters in certain fields of X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a Certificate Authority trusted by an application using GnuTLS, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse the application into accepting it by mistake. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-2730 to this issue The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not applicable hosted * any any not applicable ESXi any ESXi not applicable ESX 4.0 ESX ESX400-200911233-SG ESX 3.5 ESX not affected ESX 3.0.3 ESX not affected ESX 2.5.5 ESX not affected vMA 4.0 RHEL5 Patch 2 * hosted products are VMware Workstation, Player, ACE, Server, Fusion. 4. Solution Please review the patch/release notes for your product and version and verify the md5sum of your downloaded file. VMware vCenter Server 4 Update 1 -------------------------------- Version 4.0 Update 1 Build Number 208156 Release Date 2009/11/19 Type Product Binaries http://downloads.vmware.com/download/download.do?downloadGroup=VC40U1 VMware vCenter Server 4 and modules File size: 1.8 GB File type: .iso MD5SUM: 057d55b32eb27fe5f3e01bc8d3df3bc5 SHA1SUM: c90134418c2e4d3d6637d8bee44261300ad95ec1 VMware vCenter Server 4 and modules File size: 1.5 GB File type: .zip MD5SUM: f843d9c19795eb3bc5a77f5c545468a8 SHA1SUM: 9a7abd8e70bd983151e2ee40e1b3931525c4480c VMware vSphere Client and Host Update Utility File size: 113.8 MB File type: .exe MD5SUM: 6cc6b2c958e7e9529c284e48dfae22a9 SHA1SUM: f4c19c63a75d93cffc57b170066358160788c959 VMware vCenter Converter BootCD File size: 98.8 MB File type: .zip MD5SUM: 3df94eb0e93de76b0389132ada2a3799 SHA1SUM: 5d7c04e4f9f8ae25adc8de5963fefd8a4c92464c VMware vCenter Converter CLI (Linux) File size: 36.9 MB File type: .tar.gz MD5SUM: 3766097563936ba5e03e87e898f6bd48 SHA1SUM: 36d485bdb5eb279296ce8c8523df04bfb12a2cb4 ESXi 4.0 Update 1 ----------------- ESXi400-200911201-UG https://hostupdate.vmware.com/software/VUM/OFFLINE/release-155-20091116-013169/ESXi-4.0.0-update01.zip md5sum:c6fdd6722d9e5cacb280bdcc2cca0627 sha1sum:de9d4875f86b6493f9da991a8cff37784215db2e http://kb.vmware.com/kb/1014886 NOTE: The three ESXi patches for Firmware, VMware Tools, and the VI Client "C" are contained in a single download file. ESX 4.0 Update 1 ---------------- https://hostupdate.vmware.com/software/VUM/OFFLINE/release-158-20091118-187517/ESX-4.0.0-update01.zip md5sum: 68934321105c34dcda4cbeeab36a2b8f sha1sum: 0d8ae58cf9143d5c7113af9692dea11ed2dd864b http://kb.vmware.com/kb/1014842 To install an individual bulletin use esxupdate with the -b option. esxupdate --bundle=ESX-4.0.0-update01.zip -b ESX400-200911223-UG -b ESX400-200911238-SG -b ESX400-200911201-UG -b ESX400-200911235-SG -b ESX400-200911237-SG -b ESX400-200911234-SG -b ESX400-200911232-SG -b ESX400-200911233-SG update 5. References CVE numbers --- JRE --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1093 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1094 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1095 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1096 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1097 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1098 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1099 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1100 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1101 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1102 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1103 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1104 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1105 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1106 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1107 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2625 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2670 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2671 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2672 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2673 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2675 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2676 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2716 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2718 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2719 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2720 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2721 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2722 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2723 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2724 --- Tomcat --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5515 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0033 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0580 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0781 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6286 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0002 --- ntp --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1252 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0159 --- kernel --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3528 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5700 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0028 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0269 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0322 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0675 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0676 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0778 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4307 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0834 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1337 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0787 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1336 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1439 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1633 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1072 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1630 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1192 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5966 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1385 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1388 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1389 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1895 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2406 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2407 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2692 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2698 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0745 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0746 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0747 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0748 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2847 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2848 --- python --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2052 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4965 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1721 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1887 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2315 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3142 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3143 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3144 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4864 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5031 --- bind --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0696 --- libxml and libxml2 --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2414 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2416 --- curl -- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2417 --- gnutil --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2052 - ------------------------------------------------------------------------ 6. Change log 2009-11-20 VMSA-2009-0016 Initial security advisory after release of vCenter 4.0 Update 1 and ESX 4.0 Update 1 on 2009-11-19 and release of vMA Patch 2 on 2009-11-23. - ----------------------------------------------------------------------- 7. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: * security-announce at lists.vmware.com * bugtraq at securityfocus.com * full-disclosure at lists.grok.org.uk E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Center http://www.vmware.com/security VMware security response policy http://www.vmware.com/support/policies/security_response.html General support life cycle policy http://www.vmware.com/support/policies/eos.html VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/lifecycle/ Copyright 2009 VMware Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAksHAooACgkQS2KysvBH1xmQMACfTEcnuPanvucXPmgJCTT054o+ dtoAniXz+9xLskrkPr3oUzAcDeV729WG =wSRz -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ---------------------------------------------------------------------- Debian Security Advisory DSA-1844-1 security@debian.org http://www.debian.org/security/ Dann Frazier July 28, 2009 http://www.debian.org/security/faq - ---------------------------------------------------------------------- Package : linux-2.6.24 Vulnerability : denial of service/privilege escalation Problem type : local/remote Debian-specific: no CVE Id(s) : CVE-2009-1385 CVE-2009-1389 CVE-2009-1630 CVE-2009-1633 CVE-2009-1895 CVE-2009-1914 CVE-2009-1961 CVE-2009-2406 CVE-2009-2407 Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. CVE-2009-1895 Julien Tinnes and Tavis Ormandy reported and issue in the Linux vulnerability code. Local users can take advantage of a setuid binary that can either be made to dereference a NULL pointer or drop privileges and return control to the user. CVE-2009-1961 Miklos Szeredi reported an issue in the ocfs2 filesystem. CVE-2009-2406 CVE-2009-2407 Ramon de Carvalho Valle discovered two issues with the eCryptfs layered filesystem using the fsfuzzer utility. For the stable distribution (etch), these problems have been fixed in version 2.6.24-6~etchnhalf.8etch2. We recommend that you upgrade your linux-2.6.24 packages. Note: Debian 'etch' includes linux kernel packages based upon both the 2.6.18 and 2.6.24 linux releases. All known security issues are carefully tracked against both packages and both packages will receive security updates until security support for Debian 'etch' concludes. However, given the high frequency at which low-severity security issues are discovered in the kernel and the resource requirements of doing an update, lower severity 2.6.18 and 2.6.24 updates will typically release in a staggered or "leap-frog" fashion. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-2.6.24_2.6.24-6~etchnhalf.8etch2.diff.gz Size/MD5 checksum: 4046697 0c540aa51d64fd0f41fefda0370a7d57 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-2.6.24_2.6.24-6~etchnhalf.8etch2.dsc Size/MD5 checksum: 5117 8149bb152305e615760fd5accc516b17 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-2.6.24_2.6.24.orig.tar.gz Size/MD5 checksum: 59630522 6b8751d1eb8e71498ba74bbd346343af Architecture independent packages: http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-patch-debian-2.6.24_2.6.24-6~etchnhalf.8etch2_all.deb Size/MD5 checksum: 931690 8230f79880ab579b104e9b34029cc97d http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-manual-2.6.24_2.6.24-6~etchnhalf.8etch2_all.deb Size/MD5 checksum: 1572166 59bdbfc8850a9eb4c7f09229f8481a04 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-source-2.6.24_2.6.24-6~etchnhalf.8etch2_all.deb Size/MD5 checksum: 46892520 c736086affec0e829b80074008edc96d http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-support-2.6.24-etchnhalf.1_2.6.24-6~etchnhalf.8etch2_all.deb Size/MD5 checksum: 97696 ac7c8e4af4d15f8e77817f3a2060621e http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-doc-2.6.24_2.6.24-6~etchnhalf.8etch2_all.deb Size/MD5 checksum: 4469630 76391a2afe93b14ef942260a2ab0f6c4 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-tree-2.6.24_2.6.24-6~etchnhalf.8etch2_all.deb Size/MD5 checksum: 82766 fccf13a8baefeb96443c00718b47178a alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-alpha-legacy_2.6.24-6~etchnhalf.8etch2_alpha.deb Size/MD5 checksum: 26737560 705e6c1f456e523e4cd6e2199247ad8a http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-alpha-smp_2.6.24-6~etchnhalf.8etch2_alpha.deb Size/MD5 checksum: 27342178 b22b7be9f15a3fcd569e83b0981c7b2b http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch2_alpha.deb Size/MD5 checksum: 3454340 5d9c4195f523265e691a73d165a32bd5 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-alpha-generic_2.6.24-6~etchnhalf.8etch2_alpha.deb Size/MD5 checksum: 331144 9b199341a9906f69b92956bee989678f http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-alpha-smp_2.6.24-6~etchnhalf.8etch2_alpha.deb Size/MD5 checksum: 330548 2e97270481c6406f4703f7ffc642a306 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-alpha_2.6.24-6~etchnhalf.8etch2_alpha.deb Size/MD5 checksum: 82254 6ef54422427a87fb7013208abbb90bfe http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-alpha-generic_2.6.24-6~etchnhalf.8etch2_alpha.deb Size/MD5 checksum: 26758348 3fa44a2c192d5296abff11160c4143f7 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch2_alpha.deb Size/MD5 checksum: 82234 2d73cbb156467a0e189b66d64d725957 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-alpha-legacy_2.6.24-6~etchnhalf.8etch2_alpha.deb Size/MD5 checksum: 332176 8abd6e28989d5ffa359dbdf523b8802a amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch2_amd64.deb Size/MD5 checksum: 82232 f31859776e8c538793ce7bc12e4d16e6 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-amd64_2.6.24-6~etchnhalf.8etch2_amd64.deb Size/MD5 checksum: 82238 0dd51e0668293dc4a112ba7c177a2d62 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.8etch2_amd64.deb Size/MD5 checksum: 355216 e912a184ffa55eefcbf4d075575f956b http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch2_amd64.deb Size/MD5 checksum: 3649934 25d6d6f81163cd422b987cffe8555482 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.8etch2_amd64.deb Size/MD5 checksum: 19596152 128c3dcd4b54fbca2a8cccf553b15c15 arm architecture (ARM) http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-ixp4xx_2.6.24-6~etchnhalf.8etch2_arm.deb Size/MD5 checksum: 308764 081a21f64a1939858fd628b2b17b1e9d http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch2_arm.deb Size/MD5 checksum: 82362 a02c06864fb8adb347c7b3b83707ec71 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch2_arm.deb Size/MD5 checksum: 3937452 4296fde893b88cba41a5164cd6c68266 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-footbridge_2.6.24-6~etchnhalf.8etch2_arm.deb Size/MD5 checksum: 297832 882e93119837e060496995474bfbde0c http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-arm_2.6.24-6~etchnhalf.8etch2_arm.deb Size/MD5 checksum: 82388 5682b9cb3c9efdf951541c5e951858d5 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-footbridge_2.6.24-6~etchnhalf.8etch2_arm.deb Size/MD5 checksum: 9356202 12691f5684650f5f808b4ccc3d77e6f6 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-iop32x_2.6.24-6~etchnhalf.8etch2_arm.deb Size/MD5 checksum: 10777668 be1c3aa597e81f449a1712c059b6d219 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-ixp4xx_2.6.24-6~etchnhalf.8etch2_arm.deb Size/MD5 checksum: 10786276 fdfef0d9f0a0f740cdf096efe4076849 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-iop32x_2.6.24-6~etchnhalf.8etch2_arm.deb Size/MD5 checksum: 306278 243cc2aef642ad3dc3e6faa9f5b7d2ac hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-parisc-smp_2.6.24-6~etchnhalf.8etch2_hppa.deb Size/MD5 checksum: 259166 403c84cc8eec53736e11babcd7133c36 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-hppa_2.6.24-6~etchnhalf.8etch2_hppa.deb Size/MD5 checksum: 82390 c1e6ec2b43d6dc4849ab58fcca7708fd http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-parisc_2.6.24-6~etchnhalf.8etch2_hppa.deb Size/MD5 checksum: 257800 dcf392b46aaabf4187d0b739d7b3f0b6 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch2_hppa.deb Size/MD5 checksum: 82356 e67f07544c8505aebf46d0fc5cc6ff9b http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-parisc64_2.6.24-6~etchnhalf.8etch2_hppa.deb Size/MD5 checksum: 258558 a2e28e8a24b42aa4f092218fdb7b24b0 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-parisc64_2.6.24-6~etchnhalf.8etch2_hppa.deb Size/MD5 checksum: 14371812 91a757a164d87fcca9b7c8dcf9737e52 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-parisc64-smp_2.6.24-6~etchnhalf.8etch2_hppa.deb Size/MD5 checksum: 261468 72a0d875029ef878bcfa7734ad0e3221 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch2_hppa.deb Size/MD5 checksum: 3444724 e4cbc7652241146662a324980caf28e8 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-parisc64-smp_2.6.24-6~etchnhalf.8etch2_hppa.deb Size/MD5 checksum: 14830286 ee2c1dd21c02e82c845897b92fc44d18 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-parisc-smp_2.6.24-6~etchnhalf.8etch2_hppa.deb Size/MD5 checksum: 13846760 3133b7187049be153f3d946556c58d5a http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-parisc_2.6.24-6~etchnhalf.8etch2_hppa.deb Size/MD5 checksum: 13335008 a71482e5f95d01ae60ef6f9e84851905 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-686-bigmem_2.6.24-6~etchnhalf.8etch2_i386.deb Size/MD5 checksum: 19345260 c8d133c7df467610a2b58b02d437f140 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-486_2.6.24-6~etchnhalf.8etch2_i386.deb Size/MD5 checksum: 19349370 99465914e158a8a8095d704c7a4eca58 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch2_i386.deb Size/MD5 checksum: 82350 eb75675cf418a8fe18a45cf78e113b14 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.8etch2_i386.deb Size/MD5 checksum: 19589510 ed83c2d0ba92a0f4b5fb5daed6b86d5c http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.8etch2_i386.deb Size/MD5 checksum: 347746 23befd72e069faf404ede7a276b78311 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch2_i386.deb Size/MD5 checksum: 3647494 9cf283a4c89c8281db35e5fb2ace4335 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-i386_2.6.24-6~etchnhalf.8etch2_i386.deb Size/MD5 checksum: 82384 199633269844e3e36cf936f5a63857a7 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-686_2.6.24-6~etchnhalf.8etch2_i386.deb Size/MD5 checksum: 361018 4f7299551139e79ad329057ff07de93d http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-686-bigmem_2.6.24-6~etchnhalf.8etch2_i386.deb Size/MD5 checksum: 359956 5272e0df584721713692ccb80e8fdc45 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-486_2.6.24-6~etchnhalf.8etch2_i386.deb Size/MD5 checksum: 361502 4c9a0586154b5fce6d50610d6728bf75 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-686_2.6.24-6~etchnhalf.8etch2_i386.deb Size/MD5 checksum: 19278068 41f6b91dceeaba5592a15bdbb4170c3a ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch2_ia64.deb Size/MD5 checksum: 82360 e96d164aa97cbda5c4e0d4a4d8d47298 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch2_ia64.deb Size/MD5 checksum: 3570154 a7bdb15fd5dc46ea33b570390700255a http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-mckinley_2.6.24-6~etchnhalf.8etch2_ia64.deb Size/MD5 checksum: 32289122 8a66a1efccab804aece0f9c9f9a0c2c3 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-ia64_2.6.24-6~etchnhalf.8etch2_ia64.deb Size/MD5 checksum: 82378 11c070123743f3060aee864a6fa7621e http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-mckinley_2.6.24-6~etchnhalf.8etch2_ia64.deb Size/MD5 checksum: 322394 7e68b691385f67de57eca947718b3cf3 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-itanium_2.6.24-6~etchnhalf.8etch2_ia64.deb Size/MD5 checksum: 32112122 81952edc15d24552bc7e0e250d4e4c2f http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-itanium_2.6.24-6~etchnhalf.8etch2_ia64.deb Size/MD5 checksum: 322756 0332b3131abca0dde23a3980e3269d6a mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-4kc-malta_2.6.24-6~etchnhalf.8etch2_mips.deb Size/MD5 checksum: 22151540 85f675d6aa5e858c776b25ed7b55fd01 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sb1a-bcm91480b_2.6.24-6~etchnhalf.8etch2_mips.deb Size/MD5 checksum: 17152584 968f51589e2246eb98d54f8f7a0deac3 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sb1-bcm91250a_2.6.24-6~etchnhalf.8etch2_mips.deb Size/MD5 checksum: 246524 7d37dee7fa5f20d5484a054697944a4a http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-r5k-ip32_2.6.24-6~etchnhalf.8etch2_mips.deb Size/MD5 checksum: 11958562 189d907c882ca1f971e5df5b020db861 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sb1a-bcm91480b_2.6.24-6~etchnhalf.8etch2_mips.deb Size/MD5 checksum: 246320 9b22546464feae45ee05c1318ce4eeb1 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-r4k-ip22_2.6.24-6~etchnhalf.8etch2_mips.deb Size/MD5 checksum: 214790 9f3182d818ff7b6a05993763a6120725 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sb1-bcm91250a_2.6.24-6~etchnhalf.8etch2_mips.deb Size/MD5 checksum: 17168120 bc71f4391f0b74712a77ce0a98104c42 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch2_mips.deb Size/MD5 checksum: 82240 56ffbcabce3c1df699ab5005b86b5fcb http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-r4k-ip22_2.6.24-6~etchnhalf.8etch2_mips.deb Size/MD5 checksum: 10524568 1dcc5f02fea750b73b3d26bbf9436744 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-4kc-malta_2.6.24-6~etchnhalf.8etch2_mips.deb Size/MD5 checksum: 309414 2f3e51dd53a0aee437acd14822bdc812 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-mips_2.6.24-6~etchnhalf.8etch2_mips.deb Size/MD5 checksum: 82294 9d3e3e23c0fc8a0f1e1841e28fd3a2e2 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch2_mips.deb Size/MD5 checksum: 3803692 496de2fac6b2631145112d3df8c30a74 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-5kc-malta_2.6.24-6~etchnhalf.8etch2_mips.deb Size/MD5 checksum: 309366 ad8430704237cac6706abefb3cb3a66a http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-r5k-ip32_2.6.24-6~etchnhalf.8etch2_mips.deb Size/MD5 checksum: 225310 6f208c9d5eada9b92d3e98530a7421ab http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-5kc-malta_2.6.24-6~etchnhalf.8etch2_mips.deb Size/MD5 checksum: 27775866 480af1976cfb2ad886bbeab57828e0a9 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-5kc-malta_2.6.24-6~etchnhalf.8etch2_mipsel.deb Size/MD5 checksum: 26985726 697670a3bb624d4d3d78f46f3dd1ffa0 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sb1a-bcm91480b_2.6.24-6~etchnhalf.8etch2_mipsel.deb Size/MD5 checksum: 16630534 64876417bfc90be839f742b7f3df4017 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-mipsel_2.6.24-6~etchnhalf.8etch2_mipsel.deb Size/MD5 checksum: 82296 3b389589e0d350fd94e1e6a55064b597 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-r5k-cobalt_2.6.24-6~etchnhalf.8etch2_mipsel.deb Size/MD5 checksum: 246006 6b907d81792642929e73f8f7138a0686 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch2_mipsel.deb Size/MD5 checksum: 82244 06ea877ec50d7981c308674e878de0fd http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-4kc-malta_2.6.24-6~etchnhalf.8etch2_mipsel.deb Size/MD5 checksum: 21734936 1f58a04e3f3e233fc379f7585b37f67c http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-4kc-malta_2.6.24-6~etchnhalf.8etch2_mipsel.deb Size/MD5 checksum: 309876 33999e485bc68c26f1355c34591fa9d1 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sb1a-bcm91480b_2.6.24-6~etchnhalf.8etch2_mipsel.deb Size/MD5 checksum: 246316 f5ee5c81b6f69590e7483c63914aa4f1 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-r5k-cobalt_2.6.24-6~etchnhalf.8etch2_mipsel.deb Size/MD5 checksum: 13317230 d5c0090dd1f3487c1a1b98e663d302a9 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch2_mipsel.deb Size/MD5 checksum: 3803662 c04871193e6cd5fe88e7d757fe94dc15 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sb1-bcm91250a_2.6.24-6~etchnhalf.8etch2_mipsel.deb Size/MD5 checksum: 246138 83d394f1c4638687b1bd71213d6fc9fd http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sb1-bcm91250a_2.6.24-6~etchnhalf.8etch2_mipsel.deb Size/MD5 checksum: 16566994 4ad893a3f64121974125e7df7a246c32 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-5kc-malta_2.6.24-6~etchnhalf.8etch2_mipsel.deb Size/MD5 checksum: 308542 d1aa85d73a85243f9e11e6d319829560 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-powerpc-miboot_2.6.24-6~etchnhalf.8etch2_powerpc.deb Size/MD5 checksum: 17459600 932f0c6e71fa2a92bcbf91245d4a6f34 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-powerpc_2.6.24-6~etchnhalf.8etch2_powerpc.deb Size/MD5 checksum: 19195098 3894f438fae8ccd897ae1b193e05a06c http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-powerpc-smp_2.6.24-6~etchnhalf.8etch2_powerpc.deb Size/MD5 checksum: 19486104 e186a5e57fc6ef416a9f0611b4e32b00 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-powerpc64_2.6.24-6~etchnhalf.8etch2_powerpc.deb Size/MD5 checksum: 321892 920d908f2b7f39a4ea245a452707de9c http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-powerpc-smp_2.6.24-6~etchnhalf.8etch2_powerpc.deb Size/MD5 checksum: 321508 053a1e68eb59bc3616762c77c478b77c http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch2_powerpc.deb Size/MD5 checksum: 3672616 9480b5733676cd5d73e984cd6b36cdb2 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-powerpc64_2.6.24-6~etchnhalf.8etch2_powerpc.deb Size/MD5 checksum: 21169994 225176293c099a0a66a6e427f8f342c9 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-powerpc_2.6.24-6~etchnhalf.8etch2_powerpc.deb Size/MD5 checksum: 321100 ed5daac657617ab8ea09dedbbd5825e9 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch2_powerpc.deb Size/MD5 checksum: 82240 d5758f3021b63ba5a46f4bb59a0264bd http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-powerpc_2.6.24-6~etchnhalf.8etch2_powerpc.deb Size/MD5 checksum: 82278 68134af3769b6654c610701382a41932 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-powerpc-miboot_2.6.24-6~etchnhalf.8etch2_powerpc.deb Size/MD5 checksum: 294694 6e01dfd311f1094cb5cf39e6ab13030f s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-s390-tape_2.6.24-6~etchnhalf.8etch2_s390.deb Size/MD5 checksum: 1502142 d742c3ccecaeae89dd72efa337ad8d77 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-s390x_2.6.24-6~etchnhalf.8etch2_s390.deb Size/MD5 checksum: 194364 95a4fc8d1329f3926c95d0d866ea95c1 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch2_s390.deb Size/MD5 checksum: 3429940 46b5705e72023ec8eabbeaaae179df0f http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-s390_2.6.24-6~etchnhalf.8etch2_s390.deb Size/MD5 checksum: 194060 0c71ba7ea8c4108e88ce439c83e36101 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch2_s390.deb Size/MD5 checksum: 82228 f6a160399eb50aed5c7ce0a802977eec http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-s390_2.6.24-6~etchnhalf.8etch2_s390.deb Size/MD5 checksum: 82242 20fa5214b693fd929327b65dff5ec749 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-s390x_2.6.24-6~etchnhalf.8etch2_s390.deb Size/MD5 checksum: 7200766 c6697bcd7109bad0fd2742368bfc7173 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-s390_2.6.24-6~etchnhalf.8etch2_s390.deb Size/MD5 checksum: 6950228 2c118466985f0d41c074e3d7ae019d4e sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch2_sparc.deb Size/MD5 checksum: 82354 917940e7cc2b2ae64b7b13119c8d5cdf http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sparc64-smp_2.6.24-6~etchnhalf.8etch2_sparc.deb Size/MD5 checksum: 263544 e8b14218397904ab5f792a659c713900 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sparc64-smp_2.6.24-6~etchnhalf.8etch2_sparc.deb Size/MD5 checksum: 13317316 74c832fd75da1e42442c1fc2fb985454 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch2_sparc.deb Size/MD5 checksum: 3650988 92f721bff0660a92cff31845e3db2b09 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sparc64_2.6.24-6~etchnhalf.8etch2_sparc.deb Size/MD5 checksum: 261690 519b6d40d8fc3af21f475b10bfaef609 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-sparc_2.6.24-6~etchnhalf.8etch2_sparc.deb Size/MD5 checksum: 82374 8ff85603936f91294ec959d8fbca1db5 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sparc64_2.6.24-6~etchnhalf.8etch2_sparc.deb Size/MD5 checksum: 13019920 db00ad3ea888c38b94f6e9c2aebbd834 These changes will probably be included in the oldstable distribution on its next update. =========================================================== Ubuntu Security Notice USN-793-1 July 02, 2009 linux, linux-source-2.6.15 vulnerabilities CVE-2009-1072, CVE-2009-1184, CVE-2009-1192, CVE-2009-1242, CVE-2009-1265, CVE-2009-1336, CVE-2009-1337, CVE-2009-1338, CVE-2009-1360, CVE-2009-1385, CVE-2009-1439, CVE-2009-1630, CVE-2009-1633, CVE-2009-1914, CVE-2009-1961 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: linux-image-2.6.15-54-386 2.6.15-54.77 linux-image-2.6.15-54-686 2.6.15-54.77 linux-image-2.6.15-54-amd64-generic 2.6.15-54.77 linux-image-2.6.15-54-amd64-k8 2.6.15-54.77 linux-image-2.6.15-54-amd64-server 2.6.15-54.77 linux-image-2.6.15-54-amd64-xeon 2.6.15-54.77 linux-image-2.6.15-54-hppa32 2.6.15-54.77 linux-image-2.6.15-54-hppa32-smp 2.6.15-54.77 linux-image-2.6.15-54-hppa64 2.6.15-54.77 linux-image-2.6.15-54-hppa64-smp 2.6.15-54.77 linux-image-2.6.15-54-itanium 2.6.15-54.77 linux-image-2.6.15-54-itanium-smp 2.6.15-54.77 linux-image-2.6.15-54-k7 2.6.15-54.77 linux-image-2.6.15-54-mckinley 2.6.15-54.77 linux-image-2.6.15-54-mckinley-smp 2.6.15-54.77 linux-image-2.6.15-54-powerpc 2.6.15-54.77 linux-image-2.6.15-54-powerpc-smp 2.6.15-54.77 linux-image-2.6.15-54-powerpc64-smp 2.6.15-54.77 linux-image-2.6.15-54-server 2.6.15-54.77 linux-image-2.6.15-54-server-bigiron 2.6.15-54.77 linux-image-2.6.15-54-sparc64 2.6.15-54.77 linux-image-2.6.15-54-sparc64-smp 2.6.15-54.77 Ubuntu 8.04 LTS: linux-image-2.6.24-24-386 2.6.24-24.55 linux-image-2.6.24-24-generic 2.6.24-24.55 linux-image-2.6.24-24-hppa32 2.6.24-24.55 linux-image-2.6.24-24-hppa64 2.6.24-24.55 linux-image-2.6.24-24-itanium 2.6.24-24.55 linux-image-2.6.24-24-lpia 2.6.24-24.55 linux-image-2.6.24-24-lpiacompat 2.6.24-24.55 linux-image-2.6.24-24-mckinley 2.6.24-24.55 linux-image-2.6.24-24-openvz 2.6.24-24.55 linux-image-2.6.24-24-powerpc 2.6.24-24.55 linux-image-2.6.24-24-powerpc-smp 2.6.24-24.55 linux-image-2.6.24-24-powerpc64-smp 2.6.24-24.55 linux-image-2.6.24-24-rt 2.6.24-24.55 linux-image-2.6.24-24-server 2.6.24-24.55 linux-image-2.6.24-24-sparc64 2.6.24-24.55 linux-image-2.6.24-24-sparc64-smp 2.6.24-24.55 linux-image-2.6.24-24-virtual 2.6.24-24.55 linux-image-2.6.24-24-xen 2.6.24-24.55 Ubuntu 8.10: linux-image-2.6.27-14-generic 2.6.27-14.35 linux-image-2.6.27-14-server 2.6.27-14.35 linux-image-2.6.27-14-virtual 2.6.27-14.35 Ubuntu 9.04: linux-image-2.6.28-13-generic 2.6.28-13.45 linux-image-2.6.28-13-imx51 2.6.28-13.45 linux-image-2.6.28-13-iop32x 2.6.28-13.45 linux-image-2.6.28-13-ixp4xx 2.6.28-13.45 linux-image-2.6.28-13-lpia 2.6.28-13.45 linux-image-2.6.28-13-server 2.6.28-13.45 linux-image-2.6.28-13-versatile 2.6.28-13.45 linux-image-2.6.28-13-virtual 2.6.28-13.45 After a standard system upgrade you need to reboot your computer to effect the necessary changes. ATTENTION: Due to an unavoidable ABI change for Ubuntu 8.04 and 8.10, the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-server, linux-powerpc), a standard system upgrade will automatically perform this as well. Details follow: Igor Zhbanov discovered that NFS clients were able to create device nodes even when root_squash was enabled. An authenticated remote attacker could create device nodes with open permissions, leading to a loss of privacy or escalation of privileges. Only Ubuntu 8.10 and 9.04 were affected. (CVE-2009-1072) Dan Carpenter discovered that SELinux did not correctly handle certain network checks when running with compat_net=1. A local attacker could exploit this to bypass network checks. Default Ubuntu installations do not enable SELinux, and only Ubuntu 8.10 and 9.04 were affected. (CVE-2009-1184) Shaohua Li discovered that memory was not correctly initialized in the AGP subsystem. A local attacker could potentially read kernel memory, leading to a loss of privacy. (CVE-2009-1192) Benjamin Gilbert discovered that the VMX implementation of KVM did not correctly handle certain registers. This only affected 32bit hosts. Ubuntu 6.06 was not affected. (CVE-2009-1242) Thomas Pollet discovered that the Amateur Radio X.25 Packet Layer Protocol did not correctly validate certain fields. A remote attacker could exploit this to read kernel memory, leading to a loss of privacy. (CVE-2009-1265) Trond Myklebust discovered that NFS did not correctly handle certain long filenames. Only Ubuntu 6.06 was affected. (CVE-2009-1336) Oleg Nesterov discovered that the kernel did not correctly handle CAP_KILL. (CVE-2009-1337) Daniel Hokka Zakrisson discovered that signal handling was not correctly limited to process namespaces. Only Ubuntu 8.04 was affected. (CVE-2009-1338) Pavel Emelyanov discovered that network namespace support for IPv6 was not correctly handled. Only Ubuntu 8.10 and 9.04 were affected. (CVE-2009-1360) Neil Horman discovered that the e1000 network driver did not correctly validate certain fields. (CVE-2009-1385) Pavan Naregundi discovered that CIFS did not correctly check lengths when handling certain mount requests. (CVE-2009-1439) Simon Vallet and Frank Filz discovered that execute permissions were not correctly handled by NFSv4. A local user could bypass permissions and run restricted programs, possibly leading to an escalation of privileges. (CVE-2009-1633) Mikulas Patocka discovered that /proc/iomem was not correctly initialized on Sparc. Ubuntu 6.06 was not affected. (CVE-2009-1914) Miklos Szeredi discovered that OCFS2 did not correctly handle certain splice operations. Ubuntu 6.06 was not affected. (CVE-2009-1961) Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-source-2.6.15_2.6.15-54.77.diff.gz Size/MD5: 3001537 eba4f5e0c7a98a38dea67bfa3e168240 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-source-2.6.15_2.6.15-54.77.dsc Size/MD5: 2400 4ddbb75d160d27e0385fbabe7f1ee16a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-source-2.6.15_2.6.15.orig.tar.gz Size/MD5: 57403387 88ab0747cb8c2ceed662e0fd1b27d81d Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-doc-2.6.15_2.6.15-54.77_all.deb Size/MD5: 5167494 b57a1f066e6e27335636d97032bac1e4 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-kernel-devel_2.6.15-54.77_all.deb Size/MD5: 95350 6585056cad015d6ca7e28ab593cd8b69 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-source-2.6.15_2.6.15-54.77_all.deb Size/MD5: 44742940 96f1bf40f8e1197b05d8cc2892f2c145 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/acpi-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 22354 a8efeb55cc67813d523cce4e9a8540ec http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/cdrom-core-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 44770 ceb8d616dcdd3e0acd2c5f1bc0957167 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/crc-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 2306 13cb4639cc7517e3111efdea783b906e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ext2-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 36252 5ef331e5a71c799d054ed67e1af7afb6 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ext3-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 102298 94937c4a9294258227c971c9c5e05c5b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fat-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 38894 eb294ea73d31f1c2f9fda6618ec63770 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fb-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 49144 b633a70773bbbe8acf959b99056c8117 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/firewire-core-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 176712 02c0b79f0fa0b1ebf343781974474a4e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/floppy-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 36776 8a9d598a72f8199cafd120f3aec583c1 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ide-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 142248 3adf2b7652974e829eaeb41d822a5011 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/input-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 51070 25ec529d7f82bfb0ddcd981304434934 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ipv6-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 140616 bf360bdcf71309b158123ce3070aaaf9 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/irda-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 286860 041ee91c6050c552bd52930dfb7c9f6b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/jfs-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 97798 b66af76803a50cf7a3b22c2fbb9f00b4 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/kernel-image-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 1651646 756c6cea34752f0bf7a1e829db020e57 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-54-amd64-generic_2.6.15-54.77_amd64.deb Size/MD5: 871700 f51a4a973ece89338d4843d27a5ced94 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-54-amd64-k8_2.6.15-54.77_amd64.deb Size/MD5: 872620 cef392fe29c4a2dcfa1ffb9607f990eb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-54-amd64-server_2.6.15-54.77_amd64.deb Size/MD5: 872046 e9a140b82a6800dd7c08d8b744e75e2f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-54-amd64-xeon_2.6.15-54.77_amd64.deb Size/MD5: 872590 46b39ade35d2e36728d913fe84b6f79d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-54_2.6.15-54.77_amd64.deb Size/MD5: 6925720 a40915984f97b8e817774d8d56155484 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-54-amd64-generic_2.6.15-54.77_amd64.deb Size/MD5: 20816072 98817474a9a662d4c5d79811547b98ef http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-54-amd64-k8_2.6.15-54.77_amd64.deb Size/MD5: 20785638 cbf0cd088aeff7b0b87df905b9e8468f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-54-amd64-server_2.6.15-54.77_amd64.deb Size/MD5: 21630872 f56a80007a836fec66ef9a2a94883d97 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-54-amd64-xeon_2.6.15-54.77_amd64.deb Size/MD5: 19903700 98158564170bf417e3ba7f91263f5f31 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/loop-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 15646 3894b718b3d312c48c92d9ac52252e5d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/md-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 240370 a8ee1ef17d8c778484a1b5fdc14777b5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nfs-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 202636 2fbb7c2f21624e8c39388ac167f1bca3 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-firmware-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 1048602 97b108097bf19f308240d1413ad38b64 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 1542980 c57046562d168b6e8ee13a25fea0347c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-pcmcia-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 161648 c9463e7a0ebb0c3879f7a6d644751c85 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-shared-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 9832 88ec0bfa3382802a777bcbf9dc7d2220 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-usb-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 80862 c850080cdc776aabab0c7e0e89cdb13d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ntfs-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 49172 99f5fcc78a1beea9bbbf9cb455c45707 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/parport-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 35168 9a07d29dedcbed5a44079e64e2bfc911 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/pcmcia-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 70884 86d8342ace381ebf07b2f4ead760797c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/pcmcia-storage-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 6224 55a1df7fa8889b89cd3a009d2d84cbb0 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/plip-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 9060 9805d4d7b24730a66d881ec8ffccc203 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ppp-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 57898 4a0c6ab2237785c56a140bb82818578a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/reiserfs-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 123332 cfa831d03acaba7fdcd38cc296245fd7 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/sata-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 101028 f5be2f6c6c299d7c732b59fbfc2ea586 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/scsi-core-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 79250 a59e9df8e087eac06df9fbda8a8a6405 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/scsi-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 1594790 0bc41203b7830a51a6e1a1b9f981ab15 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/serial-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 72306 6acc47f96a766cc043ee2a4f47edd3d3 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/socket-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 12654 5a615c1146e10d37ef89d0d2ffaf770e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ufs-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 33736 850c53ba72802eba8128f9c69786b663 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/usb-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 138534 82827eb2785d66387e75873bcbcb84f9 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/usb-storage-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 38938 bb5ec1051b41c083cdd18225b4f0ac24 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/xfs-modules-2.6.15-54-amd64-generic-di_2.6.15-54.77_amd64.udeb Size/MD5: 278746 1a19131977b00e345ca43f2da7d78f60 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/acpi-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 18976 cc2753f5656925c3015c39979cb8cff3 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/cdrom-core-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 43460 a322e932de50b99745f263a9c2d07e00 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/cdrom-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 105212 c109dd4fd0061a526e506e6419e71b24 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/crc-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 2286 47108cbcb70c3749d2b045c6f8c1a1c7 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ext2-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 34576 df9c1643a4d064f3db582744ad47a9e0 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ext3-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 96952 0fa666be29393ff121f0ff64c45495ea http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fat-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 37102 f4f2833e372e12fabc8237f05e45bf6d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fb-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 44078 cdcdb874e1bc26abeec66c66c39dd6e2 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/firewire-core-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 167754 575f5b4208371c2e5d11fdd1d8856119 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/floppy-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 33938 8578c3357a6f1ddfddaf863d2ac2cfb4 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ide-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 137870 f46efe5131f63f6f6ee7757d1418b81d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/input-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 46894 7dc4dc6732d97dcf4ec8e854f5f563c6 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ipv6-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 132998 a70d2f28ac9f08ef9b505fbe034fa9e2 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/irda-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 273450 d6d45586cf1dfff150b030e9ef3de755 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/jfs-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 102260 7216111ca2c37fc6ef3d6757254f8261 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/kernel-image-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 1596062 4d81a723f97979546f7a7032411e88ff http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-54-386_2.6.15-54.77_i386.deb Size/MD5: 863226 924f92be148cb1bb13db4f7252fd644c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-54-686_2.6.15-54.77_i386.deb Size/MD5: 858374 ddd82deb53082e6ce4b6791ed14dd44f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-54-k7_2.6.15-54.77_i386.deb Size/MD5: 859558 59451d436d231e187ec193aa4abfe1fc http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-54-server-bigiron_2.6.15-54.77_i386.deb Size/MD5: 867408 e88f0427e3f965f7c8cfd10cf65255a3 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-54-server_2.6.15-54.77_i386.deb Size/MD5: 859510 ff4d32a7389bf7ecdb224525699c1868 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-54_2.6.15-54.77_i386.deb Size/MD5: 6917458 fd0a57262224b5c9c03b392deee6dba2 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-54-386_2.6.15-54.77_i386.deb Size/MD5: 21712838 ce53ee29a36dd9cd9228176e6a67d0cf http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-54-686_2.6.15-54.77_i386.deb Size/MD5: 22508152 f8977584a67f926bce6e172b61d483cc http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-54-k7_2.6.15-54.77_i386.deb Size/MD5: 22255354 85be88ae00e9c10d859985cfe320b9ba http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-54-server-bigiron_2.6.15-54.77_i386.deb Size/MD5: 23618958 0dd94a3c4bc391252914ef536a049eaf http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-54-server_2.6.15-54.77_i386.deb Size/MD5: 23173694 36c092afcfd842937423257362deb71d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/loop-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 15510 9bfea12610a193ecbf077c7dc10b67a2 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/md-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 238530 0d6767483144ccbdfb4d5496dfa1b890 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nfs-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 197046 b779aa690688bd0ce620b3feed37c72f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-firmware-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 1048392 251f698fe32b7aa18b52b8c930d997a4 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 1740818 be462a74a24ef70208e5af89879da1fb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-pcmcia-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 160828 bee9438c9a9c524335bbde0b07be1313 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-shared-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 9166 1f281ddb8155bd44eca2c0097bd3412e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-usb-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 76484 024d47a314d9e6567fb071e2814622d1 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ntfs-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 53256 456e910d9e3bde1047c24daef0b5658e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/parport-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 33054 3b0bc0f0738ca6080dd9446a54b22ac7 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/pcmcia-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 85630 b46b2de723e39a047552d1bf53422286 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/pcmcia-storage-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 6028 efd9e548799433f47e80be328f92e779 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/plip-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 8762 da11c1b27b852c13e054d4aec99b9f13 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ppp-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 53636 e7c55e0573e7aabc1098bbe9d37c6910 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/reiserfs-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 130776 a254b737d82cd35230628f67effd60d3 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/sata-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 98432 f772e922c5ca1f3ea8249c702e72cc73 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/scsi-core-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 77184 1a3d5fed7e2593cd1e324e81e8f73fbc http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/scsi-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 1768386 bba934fcf1768f4e6616783b67cc0cb6 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/serial-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 69570 672c7fe6f046dc6ec11486a62622ed26 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/socket-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 11758 a86954df8c28e894e6849038aec6dd3e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ufs-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 36008 fc0d3c2b5b263bcd9260dcb8a75cf2e3 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/usb-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 132566 75fad8a0bac352909402ff2b333fc917 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/usb-storage-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 38564 48aa028998c1382beeecf660aa5aac3a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/xfs-modules-2.6.15-54-386-di_2.6.15-54.77_i386.udeb Size/MD5: 299114 f11e7eb80349e04b8f23d8a049f76b56 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/affs-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 23724 2db2adaa57d92b7f48688f95179e15e0 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/affs-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 25950 95c01793a23a24cbff49964e4b8c5585 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/cdrom-core-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 49326 ab284f2d44d7a2bbc5ea52e67f613b23 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/cdrom-core-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 51530 a600f307f0f91779acc5c1980c4c3223 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/crc-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 2308 4effd1e0af9c3f48e2243691eb8ff6be http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/crc-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 2482 a4633265ec8c02ba24ea472625a3a3ee http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ext2-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 40196 21e77905b68f5d3872662ab5948dfd94 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ext2-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 43758 e439eec68bed9e401fec40c0031434d3 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ext3-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 112596 caf6e08a7b71ca1051b5d94c62029fe3 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ext3-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 120666 feb6891c9b38bbcc0d58026e14e2a0f5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fat-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 40850 d1933a4df097dba261b11bbae450cc95 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fat-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 45958 17b93bb9695be9a7cc0cb8bdac26e767 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fb-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 29032 6ca496a4614fc2f0bf880a9f0fdbcb35 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fb-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 29900 538fd9bb6ec6ff9c1cb4c61506a2094e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/firewire-core-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 211404 5d35841b61601520fa369d152d3bbd42 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/firewire-core-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 225214 3866f620a880044623bbc963a1b15f8f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/floppy-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 45056 3fd6ac720a4053a1554c515dbdd60d09 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/floppy-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 40220 342eae2faccd8a8e8235ccbe7a118f44 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fs-common-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 1936 6eb08d519ab2bf1a5f5fac6e0c832e6d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fs-common-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 2200 a2f7579c4986495691a7b124fc34c7c0 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/hfs-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 80680 37cbcb404f7c6d42ddf270cb222d97a0 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/hfs-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 86078 ffb8b233eb68841688aa616f1880fcb7 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ide-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 111644 8d3233bee5a2d55582bda79b6bd22f1c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ide-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 125774 b1d8fd5c48d3d50a25da84576e3b1c2e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/input-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 53410 9737ace229facb52faba8819b39aaa4f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/input-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 58474 c0dfc0546cd6a326e8e5372286147ebc http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ipv6-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 147772 5add6e71d59aa7b22544c89d236f1264 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ipv6-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 161708 2e4eaeb64a8a149fe0e89a6aa32c4273 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/irda-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 317494 e1e4733d8591ebe9372fe88ed3f0c816 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/irda-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 287602 85599af30985f874baa2005e68247c8a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/jfs-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 115854 b64bea5344a06582f592f8de8493fea0 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/jfs-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 116514 54a687f3c7d632b17400826c8358eec2 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/kernel-image-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 1924292 af79708a135129928126925812c5e985 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/kernel-image-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 2447446 600b87a4f5376d7ed6685dde273d1ca6 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-54-powerpc-smp_2.6.15-54.77_powerpc.deb Size/MD5: 873400 cdb7cb415d400e8e8e9d69fa6a21549d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-54-powerpc64-smp_2.6.15-54.77_powerpc.deb Size/MD5: 870866 7252b4b7c1a9b0d65e69939157d86e13 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-54-powerpc_2.6.15-54.77_powerpc.deb Size/MD5: 868624 fa84e5dae2ee6f9986de8772a1357e23 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-54_2.6.15-54.77_powerpc.deb Size/MD5: 6946740 28fc20a94d95b0b8c02aca0708a74101 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-54-powerpc-smp_2.6.15-54.77_powerpc.deb Size/MD5: 22776364 389e45cbdd998fa7dafa1229f5737bcb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-54-powerpc64-smp_2.6.15-54.77_powerpc.deb Size/MD5: 23678834 ea0a1438c2b0a5334b7ac71407cbc868 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-54-powerpc_2.6.15-54.77_powerpc.deb Size/MD5: 22355382 18f2e503843c54824551f54d39b8b468 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/loop-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 17782 9933c39eaa26b6c5558399d461d6e4aa http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/loop-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 17380 4f213deee9b7c625c1fd48d88f048c6c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/md-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 261268 d73545c9cef2251ad094e9e53f889421 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/md-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 282478 b037d7889d3f63d86c3605c945f081dc http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nfs-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 227640 d6a097d06e05da8ae4676497fe918633 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nfs-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 248884 ca8a5caa96f92834425d7ee4a48a95e2 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-firmware-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 1048444 f58af64355ebfa8d71973d7961285aea http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-firmware-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 1048566 32f48ed1ee827656c9446c79d6802b99 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 1737706 67f6c275ca396042f8613936eda72c97 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 1877428 8d0bbebe4eb6e4bf964fb6f440af7789 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-pcmcia-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 250878 c171495228a2d3f25a5dab6a1d46ffe5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-pcmcia-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 233632 c6062b42d12fa38bc5fcb59261bfa528 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-shared-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 13026 e2a2a9c9c0a66e0f66e4971456becb07 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-shared-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 13526 6393b9447870a049537c64f1da8c0984 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-usb-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 84832 dafa241b2ba2792acc11ed92ebf58d8a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-usb-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 52194 9d681e1cde559db52f919d9a75da2987 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/pcmcia-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 73908 1b9eea0eb286147c629a5eb6a737bf68 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/pcmcia-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 85844 9d8a5108c045be78f3aa16ec41863d49 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/pcmcia-storage-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 6624 c39e697a9b25473e791b7668df4798d5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/pcmcia-storage-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 7064 02c208ead4772ebd6dfaa1ee19df56cf http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ppp-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 60376 b83d6031ce6298fd19869d5d29e3a0c4 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ppp-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 70392 cbaee4dfd466a12dff0b9098baa8788d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/reiserfs-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 128550 e4821e65980d609ef08066b2780a485a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/reiserfs-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 157808 9a1b4e218e785ecef63b0406c5f9c8a5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/sata-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 108038 b472765900eaa08cc2cc54a2ae26d907 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/sata-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 126050 75623f4ca292e6d3fc2b6e00211f964b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/scsi-core-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 87304 2ff71c1735a777692a08170ed726345b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/scsi-core-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 93306 ee8b741bf1ee4f57a90da0ed2b6da7d8 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/scsi-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 2013972 dac2efef3ff9d6289b7309d57cb72745 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/scsi-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 1988102 c8d45fc53efb2b9f324547fd06ae7409 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/serial-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 104106 14ccbc627fb90ae558e79b3833e5ba6b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/serial-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 115702 19934a14896949c68acbe6f4b6459b0a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/socket-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 12738 31ecc1891237ac01baa6d70fa55b2ffa http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/socket-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 14444 a638ce85cd817ffcd0316b798067af0b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ufs-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 39948 0fad0a28b3b61dbce21d2ab2d3e385ec http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ufs-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 41474 4c179c6570402716b5e16076ee359ff9 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/usb-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 149308 d381b35191480574c053f931f5d4b838 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/usb-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 168034 937d9f0067d9c5b86f547355a759ce3a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/usb-storage-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 42272 9adfaeeaeec83a69f60bba08b9f7029e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/usb-storage-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 44880 8be844f59b2578d8b0b96df521ed2980 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/xfs-modules-2.6.15-54-powerpc-di_2.6.15-54.77_powerpc.udeb Size/MD5: 320284 ed49feb1ad11dbe9eaebdf8e3b55aa14 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/xfs-modules-2.6.15-54-powerpc64-smp-di_2.6.15-54.77_powerpc.udeb Size/MD5: 324712 00dc7e4c517a8e77dbdbcd472560fd07 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/cdrom-core-modules-2.6.15-54-sparc64-di_2.6.15-54.77_sparc.udeb Size/MD5: 50478 90ae6fcda7578bfc42fb227db6ed4a16 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/crc-modules-2.6.15-54-sparc64-di_2.6.15-54.77_sparc.udeb Size/MD5: 2362 81e28a5627bcd9793bdb3d7d66c808e0 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ext2-modules-2.6.15-54-sparc64-di_2.6.15-54.77_sparc.udeb Size/MD5: 40332 bba6454e4e7a730fc19a71e9f177591b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ext3-modules-2.6.15-54-sparc64-di_2.6.15-54.77_sparc.udeb Size/MD5: 110530 ee2bc9880d4119adc01104c26f4c9b45 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fat-modules-2.6.15-54-sparc64-di_2.6.15-54.77_sparc.udeb Size/MD5: 41186 22e3751924678d62633868c319ec33bb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ide-modules-2.6.15-54-sparc64-di_2.6.15-54.77_sparc.udeb Size/MD5: 104238 f5357492d5c611bd51c4724b1b955972 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/input-modules-2.6.15-54-sparc64-di_2.6.15-54.77_sparc.udeb Size/MD5: 7438 6e66a60e61009df9bc350cde8318fd0e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ipv6-modules-2.6.15-54-sparc64-di_2.6.15-54.77_sparc.udeb Size/MD5: 149008 d39a3d71f7cdaa48f4603f0d40d7183d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/kernel-image-2.6.15-54-sparc64-di_2.6.15-54.77_sparc.udeb Size/MD5: 1711722 024c561786c0bfc1f337cc46a1a99842 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-54-sparc64-smp_2.6.15-54.77_sparc.deb Size/MD5: 772116 b88f78698771d7b662bd8f55da837860 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-54-sparc64_2.6.15-54.77_sparc.deb Size/MD5: 771542 ade51cbe986056b296fc493d071add8f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-54_2.6.15-54.77_sparc.deb Size/MD5: 6963002 734ea162d7bdae6fa642fbb65fc4aefd http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-54-sparc64-smp_2.6.15-54.77_sparc.deb Size/MD5: 15009480 f11efad62b8121702c97f681aaeff50c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-54-sparc64_2.6.15-54.77_sparc.deb Size/MD5: 14829506 72058abf59e768b6e7a962a0f1765772 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/loop-modules-2.6.15-54-sparc64-di_2.6.15-54.77_sparc.udeb Size/MD5: 7422 0fa7e99c434b4c2e616b163473d2482d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/md-modules-2.6.15-54-sparc64-di_2.6.15-54.77_sparc.udeb Size/MD5: 248670 395da4afc2eea6417478e5b9df10eac9 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nfs-modules-2.6.15-54-sparc64-di_2.6.15-54.77_sparc.udeb Size/MD5: 212452 381c41cde8488c4b922e0d13250ac60d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-firmware-2.6.15-54-sparc64-di_2.6.15-54.77_sparc.udeb Size/MD5: 1048468 d00527551222987b228c1b3a236b33fa http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-modules-2.6.15-54-sparc64-di_2.6.15-54.77_sparc.udeb Size/MD5: 1481892 c2a73def45b9c272b0f1b16b24072f74 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-shared-modules-2.6.15-54-sparc64-di_2.6.15-54.77_sparc.udeb Size/MD5: 10118 6c152d785d4130d9189dfc5562b2918d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/parport-modules-2.6.15-54-sparc64-di_2.6.15-54.77_sparc.udeb Size/MD5: 40180 bfdd5a38c85c337948efc354d5b52b1b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/plip-modules-2.6.15-54-sparc64-di_2.6.15-54.77_sparc.udeb Size/MD5: 9370 a6b288b0cddcba37aa113b6c6a82c1ac http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ppp-modules-2.6.15-54-sparc64-di_2.6.15-54.77_sparc.udeb Size/MD5: 61482 f6d84c317c95ca51e4a3a961edd4afbc http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/reiserfs-modules-2.6.15-54-sparc64-di_2.6.15-54.77_sparc.udeb Size/MD5: 163022 75d6fbd3830d3fa83a4a33087893230f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/scsi-core-modules-2.6.15-54-sparc64-di_2.6.15-54.77_sparc.udeb Size/MD5: 64010 b2c069e1a9ab296b69db1c9d9347fdb5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/scsi-modules-2.6.15-54-sparc64-di_2.6.15-54.77_sparc.udeb Size/MD5: 1235086 983bf44bbfed30448fc00b43e525a222 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/usb-modules-2.6.15-54-sparc64-di_2.6.15-54.77_sparc.udeb Size/MD5: 59354 ce272f6264ab0b9731c489358ffae596 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/usb-storage-modules-2.6.15-54-sparc64-di_2.6.15-54.77_sparc.udeb Size/MD5: 37406 39fb3eb53208a1810ef284874296c3ac http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/xfs-modules-2.6.15-54-sparc64-di_2.6.15-54.77_sparc.udeb Size/MD5: 280076 7716ed5dd3c520a43c3774a4e3633047 Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux_2.6.24-24.55.diff.gz Size/MD5: 4767049 a3e6ddfbd5081bb6e7535fcde2a3f609 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux_2.6.24-24.55.dsc Size/MD5: 2219 ddc04a20e187b20a43a5cecc952e4b59 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux_2.6.24.orig.tar.gz Size/MD5: 59085601 e4aad2f8c445505cbbfa92864f5941ab Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-doc-2.6.24_2.6.24-24.55_all.deb Size/MD5: 4928644 067a5db90758e43f49badf44aadc2ae2 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.24-24_2.6.24-24.55_all.deb Size/MD5: 8142948 27ced16bc9ee340f7d2e59c4d03d4175 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-kernel-devel_2.6.24-24.55_all.deb Size/MD5: 96898 a53b271582fb8cb0f8aa7a3e6ef32d02 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-source-2.6.24_2.6.24-24.55_all.deb Size/MD5: 46978434 5338ae19db39ce537ea7f81fbdfc4a62 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/l/linux/acpi-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 28590 3b10ec843d4ca2b68122730e1a14b331 http://security.ubuntu.com/ubuntu/pool/main/l/linux/block-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 224138 5ef7d9b5cad79f6e5b10f8a004ec5cf4 http://security.ubuntu.com/ubuntu/pool/main/l/linux/crypto-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 52646 d4bf1babe03ceacbe09131b76a14b9cd http://security.ubuntu.com/ubuntu/pool/main/l/linux/fat-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 40622 8e880c89feeb75ddcb97eff9a1d2fb3c http://security.ubuntu.com/ubuntu/pool/main/l/linux/fb-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 48658 639f3170e278823641666c3355710ce9 http://security.ubuntu.com/ubuntu/pool/main/l/linux/firewire-core-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 86268 b2ae6f9d0f3397ab9d56b5ee2604f176 http://security.ubuntu.com/ubuntu/pool/main/l/linux/floppy-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 36310 1f5d7ef1723c827f6ec1727b3787f3a9 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-core-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 648378 1e2bb0cf23d1a130795cd9f745e76fe7 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-secondary-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 209694 0235e8c39f85c8c59e5d8992d2c4d3fa http://security.ubuntu.com/ubuntu/pool/main/l/linux/ide-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 39192 40b6ff3fb69584a473fd285329e2e2b2 http://security.ubuntu.com/ubuntu/pool/main/l/linux/input-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 67952 06997f3f9fd155b9d8fd19ed840a7f46 http://security.ubuntu.com/ubuntu/pool/main/l/linux/ipv6-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 145266 94a9d3bf11d07fda05ba8d37e488c75e http://security.ubuntu.com/ubuntu/pool/main/l/linux/irda-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 286678 5b1c737aa948d6e03fdc79cea2467968 http://security.ubuntu.com/ubuntu/pool/main/l/linux/kernel-image-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 2128784 32fc2ee9b3e3e5fb2b1c8a2522acc991 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.24-24-generic_2.6.24-24.55_amd64.deb Size/MD5: 671194 533f220e2ed87ae41437a2e46d1135bb http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.24-24-openvz_2.6.24-24.55_amd64.deb Size/MD5: 1251290 0c12f1ec5d33bf9b98a2cf65411f0cf6 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.24-24-rt_2.6.24-24.55_amd64.deb Size/MD5: 1273382 3dd530222979fbc4a0ec5846be3daa2b http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.24-24-server_2.6.24-24.55_amd64.deb Size/MD5: 671242 608ed557543bc3b12872b8731ac5594c http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.24-24-xen_2.6.24-24.55_amd64.deb Size/MD5: 1082876 c87e898e14f6037d1e4ad8c2c9fbe726 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.24-24-generic_2.6.24-24.55_amd64.deb Size/MD5: 17801664 16b23af9d06baf9c80b4ffc5b2ac8ce0 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.24-24-server_2.6.24-24.55_amd64.deb Size/MD5: 17771428 8122d12f5082445f9603d13335b83515 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-debug-2.6.24-24-generic_2.6.24-24.55_amd64.deb Size/MD5: 21014464 68b73490ad11f3343768b5c201c70b25 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-debug-2.6.24-24-server_2.6.24-24.55_amd64.deb Size/MD5: 21387618 3b1bee21e40c69175cd5d1d45c5bf353 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-libc-dev_2.6.24-24.55_amd64.deb Size/MD5: 705286 db77b2afae66f80b6692bb8a19cc602e http://security.ubuntu.com/ubuntu/pool/main/l/linux/md-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 263680 7f27a9bbc9cefe36cf9dc85d16423bc7 http://security.ubuntu.com/ubuntu/pool/main/l/linux/message-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 176350 b51e4026bc049983ebd216f31169a41e http://security.ubuntu.com/ubuntu/pool/main/l/linux/nfs-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 253928 a60545ac2ad4d8cdaf08da09e555ad08 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 1640052 b5d649f457aecfccea9ee1758b546bd9 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-pcmcia-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 143684 0290beaef1a4ae3e291e20c517b979cb http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-shared-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 164328 9124879a405d861d756f6dbeb40485b0 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-usb-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 115838 6edbfc0f6d64e81778feec9bbe7d0388 http://security.ubuntu.com/ubuntu/pool/main/l/linux/parport-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 35062 34b4bfd673f5b69d6a66d357d53913e8 http://security.ubuntu.com/ubuntu/pool/main/l/linux/pata-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 64396 8913719a5eb39424e244f3aa3923ad56 http://security.ubuntu.com/ubuntu/pool/main/l/linux/pcmcia-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 69694 0a45f71737115cdcc8a8a7979bc9c01e http://security.ubuntu.com/ubuntu/pool/main/l/linux/pcmcia-storage-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 21592 1e5dfd4b78a18cbe0615bfe4e656241d http://security.ubuntu.com/ubuntu/pool/main/l/linux/plip-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 8618 3353256d9abc6aac3c8904247fad36a8 http://security.ubuntu.com/ubuntu/pool/main/l/linux/ppp-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 57178 34272f15a47eaead9a3bb5e8cabc99fe http://security.ubuntu.com/ubuntu/pool/main/l/linux/sata-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 102988 16f8a54269e7acfeec29642135518312 http://security.ubuntu.com/ubuntu/pool/main/l/linux/scsi-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 1212082 7bfdf05b2a0e7a3e2a9bd69bfb74929a http://security.ubuntu.com/ubuntu/pool/main/l/linux/serial-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 45470 57609f5c992b83ab16b19cb8bdacff4a http://security.ubuntu.com/ubuntu/pool/main/l/linux/socket-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 12772 ddb48f6ed471562112661169d41c09c3 http://security.ubuntu.com/ubuntu/pool/main/l/linux/storage-core-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 497808 bd328b4bfef64c9afaddaee236abdb91 http://security.ubuntu.com/ubuntu/pool/main/l/linux/usb-modules-2.6.24-24-generic-di_2.6.24-24.55_amd64.udeb Size/MD5: 74980 db1542ff52ce70a7fa58d678e70d1ab7 http://security.ubuntu.com/ubuntu/pool/universe/l/linux/linux-image-2.6.24-24-openvz_2.6.24-24.55_amd64.deb Size/MD5: 19242994 1c7114da74f213cc5cdb9599ecf7233d http://security.ubuntu.com/ubuntu/pool/universe/l/linux/linux-image-2.6.24-24-rt_2.6.24-24.55_amd64.deb Size/MD5: 17890604 f7c54711409ec7c911b89a9e8d3cef47 http://security.ubuntu.com/ubuntu/pool/universe/l/linux/linux-image-2.6.24-24-xen_2.6.24-24.55_amd64.deb Size/MD5: 18900390 a6502ae7ee82cf1393310e22903b2763 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/l/linux/acpi-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 23682 1c7aab194616a471285a9d250127a835 http://security.ubuntu.com/ubuntu/pool/main/l/linux/acpi-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 26764 92a84719d2c4883b366d6d68d1820120 http://security.ubuntu.com/ubuntu/pool/main/l/linux/block-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 218684 eb3d8b92d6c4a48245724997a6121fc2 http://security.ubuntu.com/ubuntu/pool/main/l/linux/block-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 220440 40b53586ca28797dc014b8f656cf4725 http://security.ubuntu.com/ubuntu/pool/main/l/linux/crypto-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 51932 80258fa2f467ec10a1ec94ba389a247e http://security.ubuntu.com/ubuntu/pool/main/l/linux/crypto-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 52062 d84d679039a1dcb7a7a6e2be9a11bc9a http://security.ubuntu.com/ubuntu/pool/main/l/linux/fat-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 38324 ff2e0a017b7f58e42c276911d2b763ea http://security.ubuntu.com/ubuntu/pool/main/l/linux/fat-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 39080 50426ae4e5c02d35e95c5351665417cb http://security.ubuntu.com/ubuntu/pool/main/l/linux/fb-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 45866 27ce55188a7e0726ea19ac778c1b20bf http://security.ubuntu.com/ubuntu/pool/main/l/linux/fb-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 46012 ec9111a5e17c2b7cf80a8ec9d7eb574e http://security.ubuntu.com/ubuntu/pool/main/l/linux/firewire-core-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 83200 c17e82497048c7e436642aa16a8b4177 http://security.ubuntu.com/ubuntu/pool/main/l/linux/firewire-core-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 83580 d683701699212dcc121fb6c59096a766 http://security.ubuntu.com/ubuntu/pool/main/l/linux/floppy-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 32396 2476d6800fd166d9923a3b25e7284e37 http://security.ubuntu.com/ubuntu/pool/main/l/linux/floppy-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 32674 15560eb3ad638e98cf61e9ba41f59040 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-core-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 637392 0fecf174e6f568e2c6c7dad168bc3841 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-core-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 655480 3296fe2e55062e3b5b4b39e79e2104c6 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-secondary-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 209782 13517227a395e3b14e02c55a04d9b4a3 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-secondary-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 213588 e303705801fc9b3fb8f04b49c18f8d20 http://security.ubuntu.com/ubuntu/pool/main/l/linux/ide-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 46558 47c3d466e4f4e2725a11e60e8869d501 http://security.ubuntu.com/ubuntu/pool/main/l/linux/ide-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 47578 3680b979071cb88973c8aa33f94f2037 http://security.ubuntu.com/ubuntu/pool/main/l/linux/input-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 62250 79aec11c8be1c769f018f94cbe9c1e42 http://security.ubuntu.com/ubuntu/pool/main/l/linux/input-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 63618 5f60fbf8b28c79d969bbda9f457e5761 http://security.ubuntu.com/ubuntu/pool/main/l/linux/ipv6-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 130296 744b0747406ed2d6b4d57eac25a866ae http://security.ubuntu.com/ubuntu/pool/main/l/linux/ipv6-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 136874 923a1fde2cf0625dd1a4de29e9738fac http://security.ubuntu.com/ubuntu/pool/main/l/linux/irda-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 278542 56184e755e1b37390051b10d66615d8e http://security.ubuntu.com/ubuntu/pool/main/l/linux/irda-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 277118 b273c46bbceb8d256b04295ea3f6bc5c http://security.ubuntu.com/ubuntu/pool/main/l/linux/kernel-image-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 2008816 96b6e6b4d202c7d4edcd9a4e9257e663 http://security.ubuntu.com/ubuntu/pool/main/l/linux/kernel-image-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 2086100 0199324ff0fe5d6e7d833a3c07a6ac0a http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.24-24-386_2.6.24-24.55_i386.deb Size/MD5: 652664 06b4ba3927add4c3a8fb5ee484129bd5 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.24-24-generic_2.6.24-24.55_i386.deb Size/MD5: 655538 f1aad1bb26f9fdaea6bee64cdf6e69d7 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.24-24-openvz_2.6.24-24.55_i386.deb Size/MD5: 1239292 17b21b1c71a637a1f3470befdc6e244c http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.24-24-rt_2.6.24-24.55_i386.deb Size/MD5: 1259626 c857ca06ef5630c9b6faad7c13ef1449 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.24-24-server_2.6.24-24.55_i386.deb Size/MD5: 657340 e5fc27b2ba6419ae6110bfdb147dc50a http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.24-24-virtual_2.6.24-24.55_i386.deb Size/MD5: 557898 1d6abe04efc461e263605280c3d6a327 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.24-24-xen_2.6.24-24.55_i386.deb Size/MD5: 1058088 1de1a8532504cfab66b9afb58aa7fd64 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.24-24-386_2.6.24-24.55_i386.deb Size/MD5: 18368104 894bae5c45f3313fa6ffde9c5403a050 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.24-24-generic_2.6.24-24.55_i386.deb Size/MD5: 18389358 0f87aba56c1e970dcc7a05c178764c59 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.24-24-server_2.6.24-24.55_i386.deb Size/MD5: 18498588 f5c1063f494bd8000f41db10a4c923a3 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.24-24-virtual_2.6.24-24.55_i386.deb Size/MD5: 8686422 ff430f2f608d318cfdc9ee1f085232c0 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-debug-2.6.24-24-386_2.6.24-24.55_i386.deb Size/MD5: 25497824 3fdb3a0bae1754cc7dcd5fc13e5c92f3 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-debug-2.6.24-24-generic_2.6.24-24.55_i386.deb Size/MD5: 26304704 fbf86e8b9355cd2a4dc4e964ce93a1e1 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-debug-2.6.24-24-server_2.6.24-24.55_i386.deb Size/MD5: 27324298 f2411de5448b6b3dc5041ae93e3fbad8 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-debug-2.6.24-24-virtual_2.6.24-24.55_i386.deb Size/MD5: 24820580 7c3be9e7dca67713529e3f593c28ca8d http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-libc-dev_2.6.24-24.55_i386.deb Size/MD5: 705292 e7ea84e2f6120b20e2718223efe47e4a http://security.ubuntu.com/ubuntu/pool/main/l/linux/md-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 258744 758ec24355c4c81cb04be0b337b79d22 http://security.ubuntu.com/ubuntu/pool/main/l/linux/md-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 264062 c3f0e5c7f02e751e8db755eb939e493f http://security.ubuntu.com/ubuntu/pool/main/l/linux/message-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 163194 681a38c27b55f122aff23ddc43358e82 http://security.ubuntu.com/ubuntu/pool/main/l/linux/message-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 162950 64cab9f1cece7117949678fd7022be38 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nfs-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 236500 02a04c11e39555ded5a1af39a31f2e1b http://security.ubuntu.com/ubuntu/pool/main/l/linux/nfs-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 244826 1536f32ebccf86886505f5c111275425 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 1809006 eaa66dd9cdf3cae2f3387bc50b0aca3f http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 1826238 ef6179911307b224bfbc9442d401168d http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-pcmcia-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 150794 3dce18851cd0f9da0e49af7df236dac8 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-pcmcia-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 142948 69d90acefce82696bb1db4f68bfc70c9 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-shared-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 155958 15a467bdd1e7bdbf50d61a024502acb4 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-shared-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 156974 69832b6793dd3c121ae93eada967077d http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-usb-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 107174 d2138453acdf0e700bdf074e33e99286 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-usb-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 108480 fedf19d305e641f2d3c370dced2309e5 http://security.ubuntu.com/ubuntu/pool/main/l/linux/parport-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 32962 e7bd906326133b9381e2cb49c8af646b http://security.ubuntu.com/ubuntu/pool/main/l/linux/parport-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 33388 bcad2f4d1eb61a1d7d795e75854ca434 http://security.ubuntu.com/ubuntu/pool/main/l/linux/pata-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 60704 84ae7bb7df1e8102cb7a7a190d963362 http://security.ubuntu.com/ubuntu/pool/main/l/linux/pata-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 61154 66fd1b4c06a054c95fad67893640b621 http://security.ubuntu.com/ubuntu/pool/main/l/linux/pcmcia-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 82652 ce2130dbd82535557b662084e728928a http://security.ubuntu.com/ubuntu/pool/main/l/linux/pcmcia-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 82958 d439c65c130de9fa29027716f8710874 http://security.ubuntu.com/ubuntu/pool/main/l/linux/pcmcia-storage-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 48356 daa2818cfb4b21a7032416c18182b147 http://security.ubuntu.com/ubuntu/pool/main/l/linux/pcmcia-storage-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 48244 6a2211f86f7f8df90c5b8ceb38a4a627 http://security.ubuntu.com/ubuntu/pool/main/l/linux/plip-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 8190 b40afdf981d8fe354b20d0bc7cc83c3a http://security.ubuntu.com/ubuntu/pool/main/l/linux/plip-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 8440 70afae21dbbd5f5cef34294c8de8e725 http://security.ubuntu.com/ubuntu/pool/main/l/linux/ppp-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 51050 5fe6712265c74000a7d92360c4d1ac81 http://security.ubuntu.com/ubuntu/pool/main/l/linux/ppp-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 52908 cf6981bb68eb23f899b6a55642238b7b http://security.ubuntu.com/ubuntu/pool/main/l/linux/sata-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 92184 fe7ae21dc89d89b1921f4ed7cbbabf59 http://security.ubuntu.com/ubuntu/pool/main/l/linux/sata-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 92448 e18bed4505a2ca45dfd67499c87f3b8b http://security.ubuntu.com/ubuntu/pool/main/l/linux/scsi-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 1442928 f9784301cbe888b3a7610f69210845c9 http://security.ubuntu.com/ubuntu/pool/main/l/linux/scsi-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 1426196 fee708e2af1dab92610fb1c3496c95da http://security.ubuntu.com/ubuntu/pool/main/l/linux/serial-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 43236 4b344cdc662f35bad896e8c7bc726f21 http://security.ubuntu.com/ubuntu/pool/main/l/linux/serial-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 42796 91578f1e887bac7983dae7884b357616 http://security.ubuntu.com/ubuntu/pool/main/l/linux/socket-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 11406 097f3d4965b4fb4b62250309b71ea556 http://security.ubuntu.com/ubuntu/pool/main/l/linux/socket-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 12016 4c3681d6ac324a27218a5d7f1eb012a4 http://security.ubuntu.com/ubuntu/pool/main/l/linux/storage-core-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 470332 975e3f02a4bdd541e27f7c917bcfcb11 http://security.ubuntu.com/ubuntu/pool/main/l/linux/storage-core-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 472254 3d79ecbffb9a08a25f5e818718137079 http://security.ubuntu.com/ubuntu/pool/main/l/linux/usb-modules-2.6.24-24-386-di_2.6.24-24.55_i386.udeb Size/MD5: 70450 aeb3fece9342114f992fec68f5d48f71 http://security.ubuntu.com/ubuntu/pool/main/l/linux/usb-modules-2.6.24-24-generic-di_2.6.24-24.55_i386.udeb Size/MD5: 71368 a6bb96b015f25d08f5628aeedd3bcb81 http://security.ubuntu.com/ubuntu/pool/universe/l/linux/linux-image-2.6.24-24-openvz_2.6.24-24.55_i386.deb Size/MD5: 20243576 c1424fd878abdcd2a7bc29fc88369c9b http://security.ubuntu.com/ubuntu/pool/universe/l/linux/linux-image-2.6.24-24-rt_2.6.24-24.55_i386.deb Size/MD5: 18527060 4213eff1e17851fd9a6ba77150b54638 http://security.ubuntu.com/ubuntu/pool/universe/l/linux/linux-image-2.6.24-24-xen_2.6.24-24.55_i386.deb Size/MD5: 18773284 a33c73287198621afbe02e414e91d696 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/l/linux/linux-headers-2.6.24-24-lpia_2.6.24-24.55_lpia.deb Size/MD5: 636610 4747e9fa2334ce46a6f0700646291dd9 http://ports.ubuntu.com/pool/main/l/linux/linux-headers-2.6.24-24-lpiacompat_2.6.24-24.55_lpia.deb Size/MD5: 703234 44e3bcfa9a931471c392192cfb0c54a8 http://ports.ubuntu.com/pool/main/l/linux/linux-image-2.6.24-24-lpia_2.6.24-24.55_lpia.deb Size/MD5: 14504750 5e482a7e08464985b808a6230a00d1b3 http://ports.ubuntu.com/pool/main/l/linux/linux-libc-dev_2.6.24-24.55_lpia.deb Size/MD5: 705278 c7d8b590dbff2f80c38689e174e2723a http://ports.ubuntu.com/pool/universe/l/linux/linux-image-2.6.24-24-lpiacompat_2.6.24-24.55_lpia.deb Size/MD5: 19810228 4d05fa4a2372061c0c1ac2637ee08ff6 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/l/linux/block-modules-2.6.24-24-powerpc-di_2.6.24-24.55_powerpc.udeb Size/MD5: 334050 549350eae9ac212a55977acc795e683f http://ports.ubuntu.com/pool/main/l/linux/block-modules-2.6.24-24-powerpc64-smp-di_2.6.24-24.55_powerpc.udeb Size/MD5: 318864 ab27ac3a958eb09b9d12fafd09a77df8 http://ports.ubuntu.com/pool/main/l/linux/crypto-modules-2.6.24-24-powerpc-di_2.6.24-24.55_powerpc.udeb Size/MD5: 62716 00b04f957690db8a0ba8a22438f2e496 http://ports.ubuntu.com/pool/main/l/linux/crypto-modules-2.6.24-24-powerpc64-smp-di_2.6.24-24.55_powerpc.udeb Size/MD5: 73002 e8cb037fdde1bdb771482900638bb6d4 http://ports.ubuntu.com/pool/main/l/linux/fat-modules-2.6.24-24-powerpc-di_2.6.24-24.55_powerpc.udeb Size/MD5: 41434 88738c9f94ad51860b132ec86417d295 http://ports.ubuntu.com/pool/main/l/linux/fat-modules-2.6.24-24-powerpc64-smp-di_2.6.24-24.55_powerpc.udeb Size/MD5: 47824 b3c9f8d3e3d792c644dc6dff2da19df8 http://ports.ubuntu.com/pool/main/l/linux/firewire-core-modules-2.6.24-24-powerpc-di_2.6.24-24.55_powerpc.udeb Size/MD5: 89458 52a345ac135c1ac50f528412b7d31f75 http://ports.ubuntu.com/pool/main/l/linux/firewire-core-modules-2.6.24-24-powerpc64-smp-di_2.6.24-24.55_powerpc.udeb Size/MD5: 105682 57846bf90eef89a20cdf99b67e2f6b2a http://ports.ubuntu.com/pool/main/l/linux/floppy-modules-2.6.24-24-powerpc-di_2.6.24-24.55_powerpc.udeb Size/MD5: 44804 3f9bc834fa30a5f15a054bc4a1ffcae0 http://ports.ubuntu.com/pool/main/l/linux/floppy-modules-2.6.24-24-powerpc64-smp-di_2.6.24-24.55_powerpc.udeb Size/MD5: 40928 a1c7bfd9166c6dbd96f79c7454d72bb4 http://ports.ubuntu.com/pool/main/l/linux/fs-core-modules-2.6.24-24-powerpc-di_2.6.24-24.55_powerpc.udeb Size/MD5: 704240 118333ea34b764806834b8da0975eb32 http://ports.ubuntu.com/pool/main/l/linux/fs-core-modules-2.6.24-24-powerpc64-smp-di_2.6.24-24.55_powerpc.udeb Size/MD5: 770534 f2ff41faa006ee681e1f0fa467626f98 http://ports.ubuntu.com/pool/main/l/linux/fs-secondary-modules-2.6.24-24-powerpc-di_2.6.24-24.55_powerpc.udeb Size/MD5: 242804 cd1d00ce97f420cc7a7ea0e73b11bc17 http://ports.ubuntu.com/pool/main/l/linux/fs-secondary-modules-2.6.24-24-powerpc64-smp-di_2.6.24-24.55_powerpc.udeb Size/MD5: 245874 bddc2d618001db1be1d3330b921e498a http://ports.ubuntu.com/pool/main/l/linux/ide-modules-2.6.24-24-powerpc-di_2.6.24-24.55_powerpc.udeb Size/MD5: 69130 630b48f7871d88b3c2ec42ba406b56df http://ports.ubuntu.com/pool/main/l/linux/ide-modules-2.6.24-24-powerpc64-smp-di_2.6.24-24.55_powerpc.udeb Size/MD5: 132574 c32734e71c98e17a3d3326c2d0caaa03 http://ports.ubuntu.com/pool/main/l/linux/input-modules-2.6.24-24-powerpc-di_2.6.24-24.55_powerpc.udeb Size/MD5: 70240 1f2caeecf72dea50709079d5987714e8 http://ports.ubuntu.com/pool/main/l/linux/input-modules-2.6.24-24-powerpc64-smp-di_2.6.24-24.55_powerpc.udeb Size/MD5: 77438 9c53877ef28007ed1185a93ec5cf90f5 http://ports.ubuntu.com/pool/main/l/linux/ipv6-modules-2.6.24-24-powerpc-di_2.6.24-24.55_powerpc.udeb Size/MD5: 146066 8b3b83976cc2eec52b5dbb49568c2b44 http://ports.ubuntu.com/pool/main/l/linux/ipv6-modules-2.6.24-24-powerpc64-smp-di_2.6.24-24.55_powerpc.udeb Size/MD5: 165040 7e0732ce30c7d287c6897fd89f0eab03 http://ports.ubuntu.com/pool/main/l/linux/irda-modules-2.6.24-24-powerpc-di_2.6.24-24.55_powerpc.udeb Size/MD5: 387144 7681e85a926a3cfd4bd1101bfe802ef0 http://ports.ubuntu.com/pool/main/l/linux/irda-modules-2.6.24-24-powerpc64-smp-di_2.6.24-24.55_powerpc.udeb Size/MD5: 350038 c70af186448028febde4ce8eb77751f7 http://ports.ubuntu.com/pool/main/l/linux/kernel-image-2.6.24-24-powerpc-di_2.6.24-24.55_powerpc.udeb Size/MD5: 2429338 f466200ef72ff34ab3048e67e2fefa4d http://ports.ubuntu.com/pool/main/l/linux/kernel-image-2.6.24-24-powerpc64-smp-di_2.6.24-24.55_powerpc.udeb Size/MD5: 3471000 339b6ce1c1190471faa546011cbe67a6 http://ports.ubuntu.com/pool/main/l/linux/linux-headers-2.6.24-24-powerpc-smp_2.6.24-24.55_powerpc.deb Size/MD5: 650754 d55d970951a1844ed71f6e3c91709989 http://ports.ubuntu.com/pool/main/l/linux/linux-headers-2.6.24-24-powerpc64-smp_2.6.24-24.55_powerpc.deb Size/MD5: 654978 1b04d2d2aab7846f7799a90433106d2e http://ports.ubuntu.com/pool/main/l/linux/linux-headers-2.6.24-24-powerpc_2.6.24-24.55_powerpc.deb Size/MD5: 650486 a9a4f052ac25ea294b6d285808c441da http://ports.ubuntu.com/pool/main/l/linux/linux-image-2.6.24-24-powerpc-smp_2.6.24-24.55_powerpc.deb Size/MD5: 20160752 f0ee78fa89e85b317dc850d8a5cd5f4c http://ports.ubuntu.com/pool/main/l/linux/linux-image-2.6.24-24-powerpc64-smp_2.6.24-24.55_powerpc.deb Size/MD5: 21366650 f8c2e33729bac5cc66aade8eed5893a9 http://ports.ubuntu.com/pool/main/l/linux/linux-image-2.6.24-24-powerpc_2.6.24-24.55_powerpc.deb Size/MD5: 19924130 c30583206aa8506e4f8316e3519bb038 http://ports.ubuntu.com/pool/main/l/linux/linux-libc-dev_2.6.24-24.55_powerpc.deb Size/MD5: 695442 60d6d8281a73567a3a1859e603604f2d http://ports.ubuntu.com/pool/main/l/linux/md-modules-2.6.24-24-powerpc-di_2.6.24-24.55_powerpc.udeb Size/MD5: 266766 d734653d249aba57e366ae07a6b1fc93 http://ports.ubuntu.com/pool/main/l/linux/md-modules-2.6.24-24-powerpc64-smp-di_2.6.24-24.55_powerpc.udeb Size/MD5: 307642 097f927755577ead97570034ae0f6388 http://ports.ubuntu.com/pool/main/l/linux/message-modules-2.6.24-24-powerpc-di_2.6.24-24.55_powerpc.udeb Size/MD5: 192170 d8d4fde8fe228d72875d66dd761ed7df http://ports.ubuntu.com/pool/main/l/linux/message-modules-2.6.24-24-powerpc64-smp-di_2.6.24-24.55_powerpc.udeb Size/MD5: 201578 5f98ef6e232bfb91d8a91be636a154c9 http://ports.ubuntu.com/pool/main/l/linux/nfs-modules-2.6.24-24-powerpc-di_2.6.24-24.55_powerpc.udeb Size/MD5: 271794 5072cd3330a816dcaa3a77f3805464e3 http://ports.ubuntu.com/pool/main/l/linux/nfs-modules-2.6.24-24-powerpc64-smp-di_2.6.24-24.55_powerpc.udeb Size/MD5: 305896 4fe491fccc865c3d73ccf92bae2544b5 http://ports.ubuntu.com/pool/main/l/linux/nic-modules-2.6.24-24-powerpc-di_2.6.24-24.55_powerpc.udeb Size/MD5: 1806898 510190e890ad1fc342fafec66b6ab616 http://ports.ubuntu.com/pool/main/l/linux/nic-modules-2.6.24-24-powerpc64-smp-di_2.6.24-24.55_powerpc.udeb Size/MD5: 2117694 2af9aa4973ab6554eaf799abcff3e1b9 http://ports.ubuntu.com/pool/main/l/linux/nic-pcmcia-modules-2.6.24-24-powerpc-di_2.6.24-24.55_powerpc.udeb Size/MD5: 235192 379bf968241b634089ebbf2a3ba440e0 http://ports.ubuntu.com/pool/main/l/linux/nic-pcmcia-modules-2.6.24-24-powerpc64-smp-di_2.6.24-24.55_powerpc.udeb Size/MD5: 225202 4066dff0c55796f0af7809947252d479 http://ports.ubuntu.com/pool/main/l/linux/nic-shared-modules-2.6.24-24-powerpc-di_2.6.24-24.55_powerpc.udeb Size/MD5: 170102 1a3ccf3058cab72bba610082bd9dd390 http://ports.ubuntu.com/pool/main/l/linux/nic-shared-modules-2.6.24-24-powerpc64-smp-di_2.6.24-24.55_powerpc.udeb Size/MD5: 199686 447cab0246a933abfac18838eaac032a http://ports.ubuntu.com/pool/main/l/linux/nic-usb-modules-2.6.24-24-powerpc-di_2.6.24-24.55_powerpc.udeb Size/MD5: 117910 9074869c8dad579b52daaafefebd100c http://ports.ubuntu.com/pool/main/l/linux/nic-usb-modules-2.6.24-24-powerpc64-smp-di_2.6.24-24.55_powerpc.udeb Size/MD5: 139200 06c2711f162832bcaf4141298024f18e http://ports.ubuntu.com/pool/main/l/linux/parport-modules-2.6.24-24-powerpc-di_2.6.24-24.55_powerpc.udeb Size/MD5: 45366 e9f0bb9ae84949936a872f1a90ad4118 http://ports.ubuntu.com/pool/main/l/linux/parport-modules-2.6.24-24-powerpc64-smp-di_2.6.24-24.55_powerpc.udeb Size/MD5: 46836 05b95ec8a1a0557f8b82e1b0000e2dcc http://ports.ubuntu.com/pool/main/l/linux/pata-modules-2.6.24-24-powerpc-di_2.6.24-24.55_powerpc.udeb Size/MD5: 51136 34dd7d7fb1c2ed5e3d1c737573fb2cd5 http://ports.ubuntu.com/pool/main/l/linux/pata-modules-2.6.24-24-powerpc64-smp-di_2.6.24-24.55_powerpc.udeb Size/MD5: 60286 99bbe8d8d2ffb39ba38190798354c608 http://ports.ubuntu.com/pool/main/l/linux/pcmcia-modules-2.6.24-24-powerpc-di_2.6.24-24.55_powerpc.udeb Size/MD5: 74166 682080eb95c5a3820aacf3a3654e9a77 http://ports.ubuntu.com/pool/main/l/linux/pcmcia-modules-2.6.24-24-powerpc64-smp-di_2.6.24-24.55_powerpc.udeb Size/MD5: 87206 4e21dc9fe1e1899d668fa3e0a5e15e14 http://ports.ubuntu.com/pool/main/l/linux/pcmcia-storage-modules-2.6.24-24-powerpc-di_2.6.24-24.55_powerpc.udeb Size/MD5: 76004 1ae6a390c94233465c10686bf504e4bc http://ports.ubuntu.com/pool/main/l/linux/pcmcia-storage-modules-2.6.24-24-powerpc64-smp-di_2.6.24-24.55_powerpc.udeb Size/MD5: 30226 9649e84d3347d6ff643833bb0911f670 http://ports.ubuntu.com/pool/main/l/linux/plip-modules-2.6.24-24-powerpc-di_2.6.24-24.55_powerpc.udeb Size/MD5: 8492 100b04ee69053cb99263a9639d1fe52e http://ports.ubuntu.com/pool/main/l/linux/plip-modules-2.6.24-24-powerpc64-smp-di_2.6.24-24.55_powerpc.udeb Size/MD5: 10026 9b7c48978f55d3ab82a253db053175d7 http://ports.ubuntu.com/pool/main/l/linux/ppp-modules-2.6.24-24-powerpc-di_2.6.24-24.55_powerpc.udeb Size/MD5: 57368 dbba71ebc8d5e9ab03a061cc143d8c6e http://ports.ubuntu.com/pool/main/l/linux/ppp-modules-2.6.24-24-powerpc64-smp-di_2.6.24-24.55_powerpc.udeb Size/MD5: 68688 9dba3901ed2ccf499412430b8ae02ffe http://ports.ubuntu.com/pool/main/l/linux/sata-modules-2.6.24-24-powerpc-di_2.6.24-24.55_powerpc.udeb Size/MD5: 101246 290026d8946c001bd7e2f9e8d6510a6b http://ports.ubuntu.com/pool/main/l/linux/sata-modules-2.6.24-24-powerpc64-smp-di_2.6.24-24.55_powerpc.udeb Size/MD5: 147768 ad3b8e8f8947d09aa69cbd7f9034e440 http://ports.ubuntu.com/pool/main/l/linux/scsi-modules-2.6.24-24-powerpc-di_2.6.24-24.55_powerpc.udeb Size/MD5: 1565048 4e7fd21f0fa808514fc1f84e6113e4dd http://ports.ubuntu.com/pool/main/l/linux/scsi-modules-2.6.24-24-powerpc64-smp-di_2.6.24-24.55_powerpc.udeb Size/MD5: 1514044 2eb4cb565003a82d51c8cc36db03c6e7 http://ports.ubuntu.com/pool/main/l/linux/serial-modules-2.6.24-24-powerpc-di_2.6.24-24.55_powerpc.udeb Size/MD5: 76680 6c5817e16da05b6017c93af9ac31fe2d http://ports.ubuntu.com/pool/main/l/linux/serial-modules-2.6.24-24-powerpc64-smp-di_2.6.24-24.55_powerpc.udeb Size/MD5: 85964 45673fac64f8a6d5074a5173bfeb38e0 http://ports.ubuntu.com/pool/main/l/linux/socket-modules-2.6.24-24-powerpc-di_2.6.24-24.55_powerpc.udeb Size/MD5: 12710 25923caf1ed00118907a4e61b5df617f http://ports.ubuntu.com/pool/main/l/linux/socket-modules-2.6.24-24-powerpc64-smp-di_2.6.24-24.55_powerpc.udeb Size/MD5: 14558 22805c8e35fa454f643f9913f2a0083d http://ports.ubuntu.com/pool/main/l/linux/storage-core-modules-2.6.24-24-powerpc-di_2.6.24-24.55_powerpc.udeb Size/MD5: 449544 ff9ce90996651531510b7880de3d87fd http://ports.ubuntu.com/pool/main/l/linux/storage-core-modules-2.6.24-24-powerpc64-smp-di_2.6.24-24.55_powerpc.udeb Size/MD5: 504018 c28ce7f4984fff73f65845d644d956db http://ports.ubuntu.com/pool/main/l/linux/usb-modules-2.6.24-24-powerpc-di_2.6.24-24.55_powerpc.udeb Size/MD5: 83508 cc54fd358a4e6f5b812fefc493f53d49 http://ports.ubuntu.com/pool/main/l/linux/usb-modules-2.6.24-24-powerpc64-smp-di_2.6.24-24.55_powerpc.udeb Size/MD5: 108720 70ec0fd895b63491bc5b5e895d23e730 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/l/linux/block-modules-2.6.24-24-sparc64-di_2.6.24-24.55_sparc.udeb Size/MD5: 59596 e0228d1b8d48dcb9b2eeb5a133fd4fea http://ports.ubuntu.com/pool/main/l/linux/crypto-modules-2.6.24-24-sparc64-di_2.6.24-24.55_sparc.udeb Size/MD5: 71728 1cde4a7c06765886c874a504349c7295 http://ports.ubuntu.com/pool/main/l/linux/fat-modules-2.6.24-24-sparc64-di_2.6.24-24.55_sparc.udeb Size/MD5: 42454 dede4ea8cdb116e8865de77c903012a6 http://ports.ubuntu.com/pool/main/l/linux/firewire-core-modules-2.6.24-24-sparc64-di_2.6.24-24.55_sparc.udeb Size/MD5: 91760 fb38bcd0b2c03e153c25569fd6bf6f7f http://ports.ubuntu.com/pool/main/l/linux/fs-core-modules-2.6.24-24-sparc64-di_2.6.24-24.55_sparc.udeb Size/MD5: 587002 31d43eb6a4b4fba550bd644c5e3dab86 http://ports.ubuntu.com/pool/main/l/linux/fs-secondary-modules-2.6.24-24-sparc64-di_2.6.24-24.55_sparc.udeb Size/MD5: 171008 431c1bde571792a29e2c746ac89f4069 http://ports.ubuntu.com/pool/main/l/linux/ide-modules-2.6.24-24-sparc64-di_2.6.24-24.55_sparc.udeb Size/MD5: 22354 17062dcda3c2018f97dbc320045cff0e http://ports.ubuntu.com/pool/main/l/linux/input-modules-2.6.24-24-sparc64-di_2.6.24-24.55_sparc.udeb Size/MD5: 46050 111c0d79c0bdad8a685f422383037219 http://ports.ubuntu.com/pool/main/l/linux/ipv6-modules-2.6.24-24-sparc64-di_2.6.24-24.55_sparc.udeb Size/MD5: 152862 e2cc622a55df2744b07812def8c89239 http://ports.ubuntu.com/pool/main/l/linux/kernel-image-2.6.24-24-sparc64-di_2.6.24-24.55_sparc.udeb Size/MD5: 2121270 a2a2e37a9c05525401efaffc7ce199e7 http://ports.ubuntu.com/pool/main/l/linux/linux-headers-2.6.24-24-sparc64-smp_2.6.24-24.55_sparc.deb Size/MD5: 562642 a76540180de0ac6e12dac23389ac1b3f http://ports.ubuntu.com/pool/main/l/linux/linux-headers-2.6.24-24-sparc64_2.6.24-24.55_sparc.deb Size/MD5: 560822 72eb5f3fcb523dd8106850417fd0520e http://ports.ubuntu.com/pool/main/l/linux/linux-image-2.6.24-24-sparc64-smp_2.6.24-24.55_sparc.deb Size/MD5: 14090906 2d868fdedfc320b2239dbf301790d1dc http://ports.ubuntu.com/pool/main/l/linux/linux-image-2.6.24-24-sparc64_2.6.24-24.55_sparc.deb Size/MD5: 13802896 bf6e9b86cbdede26fd89061b10296551 http://ports.ubuntu.com/pool/main/l/linux/linux-libc-dev_2.6.24-24.55_sparc.deb Size/MD5: 750358 2aa64567f87f3e01794a2c86529da23d http://ports.ubuntu.com/pool/main/l/linux/md-modules-2.6.24-24-sparc64-di_2.6.24-24.55_sparc.udeb Size/MD5: 270052 0ba83932dbed8aeaf6ddd3a29b692a46 http://ports.ubuntu.com/pool/main/l/linux/message-modules-2.6.24-24-sparc64-di_2.6.24-24.55_sparc.udeb Size/MD5: 190274 e71570e211349110b3e422c4be949ad2 http://ports.ubuntu.com/pool/main/l/linux/nfs-modules-2.6.24-24-sparc64-di_2.6.24-24.55_sparc.udeb Size/MD5: 262746 5945be1dee0f68cc7c2accaf043bc050 http://ports.ubuntu.com/pool/main/l/linux/nic-modules-2.6.24-24-sparc64-di_2.6.24-24.55_sparc.udeb Size/MD5: 1385732 1e777b3f2817abf6b080c0716332bbd5 http://ports.ubuntu.com/pool/main/l/linux/nic-shared-modules-2.6.24-24-sparc64-di_2.6.24-24.55_sparc.udeb Size/MD5: 175218 97800c61086265b7ec2e905295897e5a http://ports.ubuntu.com/pool/main/l/linux/nic-usb-modules-2.6.24-24-sparc64-di_2.6.24-24.55_sparc.udeb Size/MD5: 122096 951902334238b51aa9b172b78962db10 http://ports.ubuntu.com/pool/main/l/linux/parport-modules-2.6.24-24-sparc64-di_2.6.24-24.55_sparc.udeb Size/MD5: 40402 c630c56f90c33e2bd29d18af59670427 http://ports.ubuntu.com/pool/main/l/linux/pata-modules-2.6.24-24-sparc64-di_2.6.24-24.55_sparc.udeb Size/MD5: 48062 599c33d62648436711413f7d36da2d18 http://ports.ubuntu.com/pool/main/l/linux/plip-modules-2.6.24-24-sparc64-di_2.6.24-24.55_sparc.udeb Size/MD5: 8700 5d3347aa29bdfac095254b435ed40d98 http://ports.ubuntu.com/pool/main/l/linux/ppp-modules-2.6.24-24-sparc64-di_2.6.24-24.55_sparc.udeb Size/MD5: 60398 53c6a79c562b197f78a7e1fdb4e77e95 http://ports.ubuntu.com/pool/main/l/linux/sata-modules-2.6.24-24-sparc64-di_2.6.24-24.55_sparc.udeb Size/MD5: 106764 9889da01d9805293d43cab0fd63ffeec http://ports.ubuntu.com/pool/main/l/linux/scsi-modules-2.6.24-24-sparc64-di_2.6.24-24.55_sparc.udeb Size/MD5: 1001728 2fe7e877334ddd3cf236f6e98f5f46fe http://ports.ubuntu.com/pool/main/l/linux/serial-modules-2.6.24-24-sparc64-di_2.6.24-24.55_sparc.udeb Size/MD5: 9512 be22a95339bad90349084fa441b1471f http://ports.ubuntu.com/pool/main/l/linux/storage-core-modules-2.6.24-24-sparc64-di_2.6.24-24.55_sparc.udeb Size/MD5: 391164 43cbe127ea4d0b428ac38c360e235cb3 http://ports.ubuntu.com/pool/main/l/linux/usb-modules-2.6.24-24-sparc64-di_2.6.24-24.55_sparc.udeb Size/MD5: 75858 d3fd8c3a8134018d37ddc66b7fb0711d Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux_2.6.27-14.35.diff.gz Size/MD5: 3181140 f341f37430b19a4815761da90e63e255 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux_2.6.27-14.35.dsc Size/MD5: 1491 348bdb8051f6821a99b6e0725c2aca64 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux_2.6.27.orig.tar.gz Size/MD5: 63721466 482b04f680ce6676114ccfaaf8f66a55 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-doc-2.6.27_2.6.27-14.35_all.deb Size/MD5: 3489746 1ff47091f292a7388a12f08f9dc8f8b7 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.27-14_2.6.27-14.35_all.deb Size/MD5: 5793886 6b12bcd8a9d7fbb597c13d0aa0d285bf http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-source-2.6.27_2.6.27-14.35_all.deb Size/MD5: 52077688 28412f9128132c91c15915a3d5812093 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/l/linux/acpi-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 36522 304d150ef4d9a9db9695c2ea3eddf798 http://security.ubuntu.com/ubuntu/pool/main/l/linux/block-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 265178 c0cedca8f9af22d7d35a6f5331e64f46 http://security.ubuntu.com/ubuntu/pool/main/l/linux/crypto-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 53460 164d97bf182cdc710089336701669026 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fat-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 43068 27182ab8ec89343ddb1acaadb79d20a8 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fb-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 52322 615253a966a6cfb75cde1ea2e74cdcfb http://security.ubuntu.com/ubuntu/pool/main/l/linux/firewire-core-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 89740 8ed1b79d7e290f7bf3cb49f50907e370 http://security.ubuntu.com/ubuntu/pool/main/l/linux/floppy-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 38172 56c5bfbb21825a4fa74292c63532e201 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-core-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 676692 265d0d3fd047797b08261901f3cb50d1 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-secondary-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 158538 b27457d63fe234182a931c857b64d242 http://security.ubuntu.com/ubuntu/pool/main/l/linux/input-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 46344 f4e9b955dc853195fd05ecae5f140794 http://security.ubuntu.com/ubuntu/pool/main/l/linux/ipv6-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 154248 ad469c83e50590ada6c4b399a6d69854 http://security.ubuntu.com/ubuntu/pool/main/l/linux/irda-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 312772 95e8ea1f4626ae7ced5c93597fbd8af0 http://security.ubuntu.com/ubuntu/pool/main/l/linux/kernel-image-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 2602274 23d7c86bd8d4ad26d754b97a428b74d4 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.27-14-generic_2.6.27-14.35_amd64.deb Size/MD5: 660580 6c6df3fe5e9f36c47392b8df503fb996 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.27-14-server_2.6.27-14.35_amd64.deb Size/MD5: 660584 05bb6f130a1faac0e47c59a64cb59e41 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.27-14-generic_2.6.27-14.35_amd64.deb Size/MD5: 23065618 fe985c117c3b6faee48830f64cabf971 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.27-14-server_2.6.27-14.35_amd64.deb Size/MD5: 23071172 a9d6617828de879a1ef4a68610f06e43 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.27-14-virtual_2.6.27-14.35_amd64.deb Size/MD5: 10464288 f91fdb8992629a5ae82cbcb2d383b8e7 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-libc-dev_2.6.27-14.35_amd64.deb Size/MD5: 673298 fe94d2d76e3a5dce812d7d8a597637a1 http://security.ubuntu.com/ubuntu/pool/main/l/linux/md-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 434636 6fe6ed3dc5c57e5a876f2c6c6c7fbb88 http://security.ubuntu.com/ubuntu/pool/main/l/linux/message-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 186386 338f1bad9040bf0c78ee9397de9398b0 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nfs-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 275414 4a5d4c3690aedd96e3eee3d922d73728 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 1809338 6afa319ea3d9f91e4d16629b86afb1b6 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-pcmcia-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 151300 cdf306368201a053d740b4d77bf62c02 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-shared-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 194010 d7ed2a96bbd6dcfa75c163511c8b4f7c http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-usb-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 168054 27dbc834cddb14ce830806e769efb0b6 http://security.ubuntu.com/ubuntu/pool/main/l/linux/parport-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 36432 95637deca9859881af3edf3db8e06ccc http://security.ubuntu.com/ubuntu/pool/main/l/linux/pata-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 83440 e97ed7ed724ca8c518927601f6b433b9 http://security.ubuntu.com/ubuntu/pool/main/l/linux/pcmcia-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 71986 1c4c570c1fe15e5cebad90d8a93cf70f http://security.ubuntu.com/ubuntu/pool/main/l/linux/pcmcia-storage-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 23240 ebaa5d5263395e8517ea82ae3b92ddfc http://security.ubuntu.com/ubuntu/pool/main/l/linux/plip-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 9012 f865b88210a4c54d8fdc79a9cfbdf4a0 http://security.ubuntu.com/ubuntu/pool/main/l/linux/ppp-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 68492 6994b7e19338405c0e127924e67e516d http://security.ubuntu.com/ubuntu/pool/main/l/linux/sata-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 110292 8e81e11a44a41f94fef4dff4e59e3da3 http://security.ubuntu.com/ubuntu/pool/main/l/linux/scsi-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 1275410 34848383b66939762660048e268e8441 http://security.ubuntu.com/ubuntu/pool/main/l/linux/serial-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 47594 9181c757204f49f4d0dac390e83f02a4 http://security.ubuntu.com/ubuntu/pool/main/l/linux/socket-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 13480 a51476c745872d0858d9b7033a64ea9f http://security.ubuntu.com/ubuntu/pool/main/l/linux/storage-core-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 393508 9500d323c74c9a330c85183c1686ff49 http://security.ubuntu.com/ubuntu/pool/main/l/linux/usb-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 200788 c5ed4008f970210bb982f80cbce591e4 http://security.ubuntu.com/ubuntu/pool/main/l/linux/virtio-modules-2.6.27-14-generic-di_2.6.27-14.35_amd64.udeb Size/MD5: 13620 2fc4b4f188f9218932d0490308507835 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/l/linux/acpi-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 33922 f40a1e72d099b64c586a6db641443044 http://security.ubuntu.com/ubuntu/pool/main/l/linux/block-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 244642 b720012479a1cbe6ba08d28302584fc9 http://security.ubuntu.com/ubuntu/pool/main/l/linux/crypto-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 55394 90c1f139ebe83c6d6d8b1a1fc1061297 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fat-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 41218 c1b7874af183c54e95df8d57557aa7c0 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fb-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 48654 dfb3c0359053a662017fd9dea0f840ab http://security.ubuntu.com/ubuntu/pool/main/l/linux/firewire-core-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 86896 3e594eaa10f4598f2c050daf5ee208e5 http://security.ubuntu.com/ubuntu/pool/main/l/linux/floppy-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 34058 c5f4fc9d0f61e279e0f6a9b351545b27 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-core-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 675184 eac37d6873c317fec9dbc41af85ce84f http://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-secondary-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 158298 fdb6996d620940e986f9e809a1061414 http://security.ubuntu.com/ubuntu/pool/main/l/linux/input-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 43598 8d56f44e1e6c01610509b5cdc9ea5f42 http://security.ubuntu.com/ubuntu/pool/main/l/linux/ipv6-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 145120 47f331154c2773e7861a63965661123a http://security.ubuntu.com/ubuntu/pool/main/l/linux/irda-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 301946 d7980f5869e46243a45b37625ad61afe http://security.ubuntu.com/ubuntu/pool/main/l/linux/kernel-image-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 2435224 46b565365b11d793768f04f50a4c248b http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.27-14-generic_2.6.27-14.35_i386.deb Size/MD5: 643392 3e61d3633116618454601e745e24a863 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.27-14-server_2.6.27-14.35_i386.deb Size/MD5: 644726 37a677e1e3004e6b42d0958beeb0fda7 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.27-14-generic_2.6.27-14.35_i386.deb Size/MD5: 23478050 04856487eac811aebdd2a30416889f40 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.27-14-server_2.6.27-14.35_i386.deb Size/MD5: 23600374 2b9a4093fbdd02dbd054cbe8ca2384f1 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.27-14-virtual_2.6.27-14.35_i386.deb Size/MD5: 10108412 0d4c0bd4e94cac0ea3b384b6b1d29cb5 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-libc-dev_2.6.27-14.35_i386.deb Size/MD5: 673308 dc76499e326c2f5c2e10b547241ed770 http://security.ubuntu.com/ubuntu/pool/main/l/linux/md-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 432904 836dfe4f7fd217c3d6b4e50ee27ff5ec http://security.ubuntu.com/ubuntu/pool/main/l/linux/message-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 171144 e01935798941dc8722f25c9e499d7dba http://security.ubuntu.com/ubuntu/pool/main/l/linux/nfs-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 263706 ad942f31cb448980c110c5d65b4c5938 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 1993126 9e48f8f227a345c72ae76263b3acc41e http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-pcmcia-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 150922 d45e54c03e6524f7409d8ffe6ccbc1fe http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-shared-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 183850 26ff7871dda8a29516eb04951e395500 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-usb-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 157722 7cefa9c1e1abd9574daa5a2732c8d43b http://security.ubuntu.com/ubuntu/pool/main/l/linux/parport-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 34498 a323c4253a702888a9ee866bafcac9e5 http://security.ubuntu.com/ubuntu/pool/main/l/linux/pata-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 78252 3306e0596c6ec6a941906ec5cf1b5896 http://security.ubuntu.com/ubuntu/pool/main/l/linux/pcmcia-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 86172 14f820994a04b74bacc55f908ced747a http://security.ubuntu.com/ubuntu/pool/main/l/linux/pcmcia-storage-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 51176 929ace31f9151a14f646711b57141335 http://security.ubuntu.com/ubuntu/pool/main/l/linux/plip-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 8794 c6ff3050c0e8d61f69978e3a64f3afc0 http://security.ubuntu.com/ubuntu/pool/main/l/linux/ppp-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 64308 ab5438618e09f3747c9cabe4d2202d42 http://security.ubuntu.com/ubuntu/pool/main/l/linux/sata-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 102010 d66cf8423068745b1896a2d37087ea57 http://security.ubuntu.com/ubuntu/pool/main/l/linux/scsi-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 1449250 cc24f0d8b7411f15f0b3704c92c73719 http://security.ubuntu.com/ubuntu/pool/main/l/linux/serial-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 44514 0763f6eeda9cf0971a5145eeca31a37b http://security.ubuntu.com/ubuntu/pool/main/l/linux/socket-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 12642 4142729eb596aefe6b55a3c91b537aa7 http://security.ubuntu.com/ubuntu/pool/main/l/linux/storage-core-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 372528 2ec016366a3c65b130470af25b4f4cd9 http://security.ubuntu.com/ubuntu/pool/main/l/linux/usb-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 189698 577f8d2648589a2620fe4917bcd90e4a http://security.ubuntu.com/ubuntu/pool/main/l/linux/virtio-modules-2.6.27-14-generic-di_2.6.27-14.35_i386.udeb Size/MD5: 12992 aaf90b0f25f26915752e0d01ffdf1404 Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux_2.6.28-13.45.diff.gz Size/MD5: 7052018 c30f6c12f534fb270e77a8db16658c00 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux_2.6.28-13.45.dsc Size/MD5: 1988 c31e8f14e5353913483bcbe5134a221a http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux_2.6.28.orig.tar.gz Size/MD5: 66766084 062c29b626a55f09a65532538a6184d4 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-doc-2.6.28_2.6.28-13.45_all.deb Size/MD5: 3630660 dff37123aa2a0a01813aaafa113efeaa http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.28-13_2.6.28-13.45_all.deb Size/MD5: 8694158 d568990611704c5022f17a406bba56da http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-source-2.6.28_2.6.28-13.45_all.deb Size/MD5: 56896726 2218180442fe2265c4a383718103d24b amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/l/linux/block-modules-2.6.28-13-generic-di_2.6.28-13.45_amd64.udeb Size/MD5: 234530 8ca4ab91f04156b591af5e036a9d9eaf http://security.ubuntu.com/ubuntu/pool/main/l/linux/crypto-modules-2.6.28-13-generic-di_2.6.28-13.45_amd64.udeb Size/MD5: 44110 3d35edf87a693b4aec248c4e110db223 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fat-modules-2.6.28-13-generic-di_2.6.28-13.45_amd64.udeb Size/MD5: 43326 8b5f1e9917275cb49fd5cdc5fe7c372c http://security.ubuntu.com/ubuntu/pool/main/l/linux/fb-modules-2.6.28-13-generic-di_2.6.28-13.45_amd64.udeb Size/MD5: 51102 a1b090802ce4589182c26704db51e79a http://security.ubuntu.com/ubuntu/pool/main/l/linux/firewire-core-modules-2.6.28-13-generic-di_2.6.28-13.45_amd64.udeb Size/MD5: 89946 692cdd4f68027d91736aee9507a279a3 http://security.ubuntu.com/ubuntu/pool/main/l/linux/floppy-modules-2.6.28-13-generic-di_2.6.28-13.45_amd64.udeb Size/MD5: 37992 40f149752511e8e7d4b527bd321f5f61 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-core-modules-2.6.28-13-generic-di_2.6.28-13.45_amd64.udeb Size/MD5: 521610 a346bd312d8eed61e8bb96fb59f3b9b9 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-secondary-modules-2.6.28-13-generic-di_2.6.28-13.45_amd64.udeb Size/MD5: 125632 86429c19731c1bbc4fc7025d4659f4e0 http://security.ubuntu.com/ubuntu/pool/main/l/linux/input-modules-2.6.28-13-generic-di_2.6.28-13.45_amd64.udeb Size/MD5: 58050 dbb7ceb698b6e40a9429b35804416265 http://security.ubuntu.com/ubuntu/pool/main/l/linux/irda-modules-2.6.28-13-generic-di_2.6.28-13.45_amd64.udeb Size/MD5: 312206 2bd5e6bd4338e51c72d349a40a24afb9 http://security.ubuntu.com/ubuntu/pool/main/l/linux/kernel-image-2.6.28-13-generic-di_2.6.28-13.45_amd64.udeb Size/MD5: 3867978 7532ceaadca5ac062476c9a058e87f87 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.28-13-generic_2.6.28-13.45_amd64.deb Size/MD5: 684590 ce636ed44071caf1eb5696a5b4cd3d52 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.28-13-server_2.6.28-13.45_amd64.deb Size/MD5: 684602 67c72e9124b19974c39f55341d293d4f http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.28-13-generic_2.6.28-13.45_amd64.deb Size/MD5: 24250596 54189eb7095f154663e12fcbd03e3052 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.28-13-server_2.6.28-13.45_amd64.deb Size/MD5: 24255096 11079badc74f668bfa9299a94eee9500 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.28-13-virtual_2.6.28-13.45_amd64.deb Size/MD5: 10522290 889f00238ab9579a1a3787b6f4093bba http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-libc-dev_2.6.28-13.45_amd64.deb Size/MD5: 761032 20f696493a51b361c8211cd3a99773a3 http://security.ubuntu.com/ubuntu/pool/main/l/linux/md-modules-2.6.28-13-generic-di_2.6.28-13.45_amd64.udeb Size/MD5: 215158 e7434a687dec03b384f88e8e86870b2d http://security.ubuntu.com/ubuntu/pool/main/l/linux/message-modules-2.6.28-13-generic-di_2.6.28-13.45_amd64.udeb Size/MD5: 189390 cd7116d69deef0ccd449097583b27125 http://security.ubuntu.com/ubuntu/pool/main/l/linux/mouse-modules-2.6.28-13-generic-di_2.6.28-13.45_amd64.udeb Size/MD5: 29396 de5e69d2393ad59f85a530a3a1076f03 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nfs-modules-2.6.28-13-generic-di_2.6.28-13.45_amd64.udeb Size/MD5: 274128 a4bb104369c8be8748a38ec66a6649b1 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-modules-2.6.28-13-generic-di_2.6.28-13.45_amd64.udeb Size/MD5: 1826044 25d1a4452606ab450f214afd2c6da482 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-pcmcia-modules-2.6.28-13-generic-di_2.6.28-13.45_amd64.udeb Size/MD5: 163490 edffca1a4f08889ab04638134e70bdfa http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-shared-modules-2.6.28-13-generic-di_2.6.28-13.45_amd64.udeb Size/MD5: 194758 84976648caa181490b9c748f7672e20c http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-usb-modules-2.6.28-13-generic-di_2.6.28-13.45_amd64.udeb Size/MD5: 152946 38f0b1e429efc2993fb2f0346daf98d2 http://security.ubuntu.com/ubuntu/pool/main/l/linux/parport-modules-2.6.28-13-generic-di_2.6.28-13.45_amd64.udeb Size/MD5: 36490 09b7bf2b970fab395adc80da34772183 http://security.ubuntu.com/ubuntu/pool/main/l/linux/pata-modules-2.6.28-13-generic-di_2.6.28-13.45_amd64.udeb Size/MD5: 5842 6a537fc3a2af29ba6fd981ce8b2b19f0 http://security.ubuntu.com/ubuntu/pool/main/l/linux/pcmcia-modules-2.6.28-13-generic-di_2.6.28-13.45_amd64.udeb Size/MD5: 72132 2416b9382cc51b3b1c424d52bbf379b0 http://security.ubuntu.com/ubuntu/pool/main/l/linux/pcmcia-storage-modules-2.6.28-13-generic-di_2.6.28-13.45_amd64.udeb Size/MD5: 22716 d5f4dc6ca66de6c6044e2fcfcf9783c5 http://security.ubuntu.com/ubuntu/pool/main/l/linux/plip-modules-2.6.28-13-generic-di_2.6.28-13.45_amd64.udeb Size/MD5: 8878 58927a3e2b4abbb9a3e0e19c969b701a http://security.ubuntu.com/ubuntu/pool/main/l/linux/ppp-modules-2.6.28-13-generic-di_2.6.28-13.45_amd64.udeb Size/MD5: 47470 8cd84b96c9d3b1e32b3e7d29042b4a91 http://security.ubuntu.com/ubuntu/pool/main/l/linux/sata-modules-2.6.28-13-generic-di_2.6.28-13.45_amd64.udeb Size/MD5: 15622 5b3599e51e3513f458430702ba57410a http://security.ubuntu.com/ubuntu/pool/main/l/linux/scsi-modules-2.6.28-13-generic-di_2.6.28-13.45_amd64.udeb Size/MD5: 1272842 175bd4440eb113fa0b72b1c3897457c4 http://security.ubuntu.com/ubuntu/pool/main/l/linux/serial-modules-2.6.28-13-generic-di_2.6.28-13.45_amd64.udeb Size/MD5: 47218 3bf3faa60421de087af2696985c361eb http://security.ubuntu.com/ubuntu/pool/main/l/linux/storage-core-modules-2.6.28-13-generic-di_2.6.28-13.45_amd64.udeb Size/MD5: 72626 f431e2290ae3347326ff8b3fc5b5bf98 http://security.ubuntu.com/ubuntu/pool/main/l/linux/usb-modules-2.6.28-13-generic-di_2.6.28-13.45_amd64.udeb Size/MD5: 126946 c82470ee359a4f8d7879367739e73f1d http://security.ubuntu.com/ubuntu/pool/main/l/linux/virtio-modules-2.6.28-13-generic-di_2.6.28-13.45_amd64.udeb Size/MD5: 13472 0299bdd96f706adde62bcbf1fe873527 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/l/linux/block-modules-2.6.28-13-generic-di_2.6.28-13.45_i386.udeb Size/MD5: 215716 af09e22b5eededba6f06bbce4b6f7f6e http://security.ubuntu.com/ubuntu/pool/main/l/linux/crypto-modules-2.6.28-13-generic-di_2.6.28-13.45_i386.udeb Size/MD5: 46662 cbb33d90c53ae6c5a277c9f4402188e1 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fat-modules-2.6.28-13-generic-di_2.6.28-13.45_i386.udeb Size/MD5: 41344 c369ce39d1595df751bf81a7ca1d4831 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fb-modules-2.6.28-13-generic-di_2.6.28-13.45_i386.udeb Size/MD5: 47378 092cfe8af282c15f332902a0295fe1b4 http://security.ubuntu.com/ubuntu/pool/main/l/linux/firewire-core-modules-2.6.28-13-generic-di_2.6.28-13.45_i386.udeb Size/MD5: 86848 c2b5e966fc9e4476ab1b6c6fde5bb7a5 http://security.ubuntu.com/ubuntu/pool/main/l/linux/floppy-modules-2.6.28-13-generic-di_2.6.28-13.45_i386.udeb Size/MD5: 33574 e7b69e22af4eb33299e772769f464803 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-core-modules-2.6.28-13-generic-di_2.6.28-13.45_i386.udeb Size/MD5: 525474 11f2df9f8143a48c6395b3b51fbd964e http://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-secondary-modules-2.6.28-13-generic-di_2.6.28-13.45_i386.udeb Size/MD5: 125494 feafd7e08878356c984098698d832b72 http://security.ubuntu.com/ubuntu/pool/main/l/linux/input-modules-2.6.28-13-generic-di_2.6.28-13.45_i386.udeb Size/MD5: 54864 7bf17f733cf036e0492643870dbc439a http://security.ubuntu.com/ubuntu/pool/main/l/linux/irda-modules-2.6.28-13-generic-di_2.6.28-13.45_i386.udeb Size/MD5: 300874 8e5766303f17caafeffc6db2d3590487 http://security.ubuntu.com/ubuntu/pool/main/l/linux/kernel-image-2.6.28-13-generic-di_2.6.28-13.45_i386.udeb Size/MD5: 3741754 f62502087f0d206a7c43856618b63099 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.28-13-generic_2.6.28-13.45_i386.deb Size/MD5: 668290 36fb94764dc7b473989ab048f6f8d18d http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.28-13-server_2.6.28-13.45_i386.deb Size/MD5: 669404 6dcdc4988b80b0d5fad7a49eec4b3f68 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.28-13-generic_2.6.28-13.45_i386.deb Size/MD5: 24584190 6d3e2aed50aed94ac91512384ae202a8 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.28-13-server_2.6.28-13.45_i386.deb Size/MD5: 24662820 2f4ac0738424f2295bff2077238b126b http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.28-13-virtual_2.6.28-13.45_i386.deb Size/MD5: 10219490 e088239542d6b5caa4ba16b16c9ca5ce http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-libc-dev_2.6.28-13.45_i386.deb Size/MD5: 761048 a2f34260d40ebb215d26ed09a45e4fe1 http://security.ubuntu.com/ubuntu/pool/main/l/linux/md-modules-2.6.28-13-generic-di_2.6.28-13.45_i386.udeb Size/MD5: 218044 3cfad485954208027c844fe40bc0b838 http://security.ubuntu.com/ubuntu/pool/main/l/linux/message-modules-2.6.28-13-generic-di_2.6.28-13.45_i386.udeb Size/MD5: 174812 bf413e3a9b0cb7ab124f411ead7df97d http://security.ubuntu.com/ubuntu/pool/main/l/linux/mouse-modules-2.6.28-13-generic-di_2.6.28-13.45_i386.udeb Size/MD5: 30068 22dfd9b4f06187b520b67d4855f7573f http://security.ubuntu.com/ubuntu/pool/main/l/linux/nfs-modules-2.6.28-13-generic-di_2.6.28-13.45_i386.udeb Size/MD5: 262414 0e23c7445d3582011f9767101e4af06c http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-modules-2.6.28-13-generic-di_2.6.28-13.45_i386.udeb Size/MD5: 2007452 f84390b7d8d9f8b32c74823649b247aa http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-pcmcia-modules-2.6.28-13-generic-di_2.6.28-13.45_i386.udeb Size/MD5: 150198 05caa7db9bb38f7a42ec7ab0deb6ce47 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-shared-modules-2.6.28-13-generic-di_2.6.28-13.45_i386.udeb Size/MD5: 184298 45df2dcc24ab9a0ffc27da827f246206 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-usb-modules-2.6.28-13-generic-di_2.6.28-13.45_i386.udeb Size/MD5: 143542 5f862fc8f33fc1e4fbcabf78a733f1de http://security.ubuntu.com/ubuntu/pool/main/l/linux/parport-modules-2.6.28-13-generic-di_2.6.28-13.45_i386.udeb Size/MD5: 34572 92451114d002c65edb0d89d053a7037e http://security.ubuntu.com/ubuntu/pool/main/l/linux/pata-modules-2.6.28-13-generic-di_2.6.28-13.45_i386.udeb Size/MD5: 5502 f39f3f824fff9020a7fa80358fdfe7b9 http://security.ubuntu.com/ubuntu/pool/main/l/linux/pcmcia-modules-2.6.28-13-generic-di_2.6.28-13.45_i386.udeb Size/MD5: 85990 04a9436fc3c061a9feedf8a46b79a534 http://security.ubuntu.com/ubuntu/pool/main/l/linux/pcmcia-storage-modules-2.6.28-13-generic-di_2.6.28-13.45_i386.udeb Size/MD5: 47334 7134b0740644c5c266d52dc6d7524d68 http://security.ubuntu.com/ubuntu/pool/main/l/linux/plip-modules-2.6.28-13-generic-di_2.6.28-13.45_i386.udeb Size/MD5: 8712 cbd3f0e41be40915f413ac5802a6221e http://security.ubuntu.com/ubuntu/pool/main/l/linux/ppp-modules-2.6.28-13-generic-di_2.6.28-13.45_i386.udeb Size/MD5: 44698 0cd8ea7ec39409e8563ab5c8c9e0248c http://security.ubuntu.com/ubuntu/pool/main/l/linux/sata-modules-2.6.28-13-generic-di_2.6.28-13.45_i386.udeb Size/MD5: 14740 c7287bd485367a228246ef8502f3d175 http://security.ubuntu.com/ubuntu/pool/main/l/linux/scsi-modules-2.6.28-13-generic-di_2.6.28-13.45_i386.udeb Size/MD5: 1445196 81a9314640917265a536c3894ceed78a http://security.ubuntu.com/ubuntu/pool/main/l/linux/serial-modules-2.6.28-13-generic-di_2.6.28-13.45_i386.udeb Size/MD5: 44092 84aac7e95054a44fcfc589bce5129355 http://security.ubuntu.com/ubuntu/pool/main/l/linux/storage-core-modules-2.6.28-13-generic-di_2.6.28-13.45_i386.udeb Size/MD5: 69138 e79c9c942d7e02b83359cc1fe7fe6e6e http://security.ubuntu.com/ubuntu/pool/main/l/linux/usb-modules-2.6.28-13-generic-di_2.6.28-13.45_i386.udeb Size/MD5: 119512 ca6a4973ba663fe06f57b52c47b3fe5b http://security.ubuntu.com/ubuntu/pool/main/l/linux/virtio-modules-2.6.28-13-generic-di_2.6.28-13.45_i386.udeb Size/MD5: 12672 cff86af5ddbc47b6cc5dbf6892f7f3ad lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/l/linux/block-modules-2.6.28-13-lpia-di_2.6.28-13.45_lpia.udeb Size/MD5: 215242 34f3d0cfbebcc281bff8887d58a2fdd1 http://ports.ubuntu.com/pool/main/l/linux/crypto-modules-2.6.28-13-lpia-di_2.6.28-13.45_lpia.udeb Size/MD5: 46662 b60318e129f56b4f1ace761bfcbfeb8c http://ports.ubuntu.com/pool/main/l/linux/fat-modules-2.6.28-13-lpia-di_2.6.28-13.45_lpia.udeb Size/MD5: 40950 aaa3fffb7bbd0ad7dbe1a49fd48d3cb0 http://ports.ubuntu.com/pool/main/l/linux/fb-modules-2.6.28-13-lpia-di_2.6.28-13.45_lpia.udeb Size/MD5: 47292 4ca4fffc517a758eb5a9dc3dd69eb2c3 http://ports.ubuntu.com/pool/main/l/linux/firewire-core-modules-2.6.28-13-lpia-di_2.6.28-13.45_lpia.udeb Size/MD5: 86454 ba73d27d65487eed24ef32dade5dd6f3 http://ports.ubuntu.com/pool/main/l/linux/floppy-modules-2.6.28-13-lpia-di_2.6.28-13.45_lpia.udeb Size/MD5: 33270 96d878bfefd1667337a7d781624744fe http://ports.ubuntu.com/pool/main/l/linux/fs-core-modules-2.6.28-13-lpia-di_2.6.28-13.45_lpia.udeb Size/MD5: 523424 3b0daef52c7fbc78f477a82d2885eedb http://ports.ubuntu.com/pool/main/l/linux/fs-secondary-modules-2.6.28-13-lpia-di_2.6.28-13.45_lpia.udeb Size/MD5: 125172 ca7244bb0c9ea93bf1793fafc8d93249 http://ports.ubuntu.com/pool/main/l/linux/input-modules-2.6.28-13-lpia-di_2.6.28-13.45_lpia.udeb Size/MD5: 63536 a2ddb239393108fb7888391bdbcc0235 http://ports.ubuntu.com/pool/main/l/linux/irda-modules-2.6.28-13-lpia-di_2.6.28-13.45_lpia.udeb Size/MD5: 300334 b0fe7216d15a908a78ef5eee547efef9 http://ports.ubuntu.com/pool/main/l/linux/kernel-image-2.6.28-13-lpia-di_2.6.28-13.45_lpia.udeb Size/MD5: 3033028 ae4b9666c230f663aa490e5ef7915d3c http://ports.ubuntu.com/pool/main/l/linux/linux-headers-2.6.28-13-lpia_2.6.28-13.45_lpia.deb Size/MD5: 636848 685ad5fdd4837d0fc7670b40fdc55424 http://ports.ubuntu.com/pool/main/l/linux/linux-image-2.6.28-13-lpia_2.6.28-13.45_lpia.deb Size/MD5: 21714272 d7a1bafe41d1f5aaf8c2b67a9171c5df http://ports.ubuntu.com/pool/main/l/linux/linux-libc-dev_2.6.28-13.45_lpia.deb Size/MD5: 761014 ebaf6b30ac3b8f5eeaa396e980eef83f http://ports.ubuntu.com/pool/main/l/linux/md-modules-2.6.28-13-lpia-di_2.6.28-13.45_lpia.udeb Size/MD5: 303684 5e037a0ca19df39904654a98a34a1bc6 http://ports.ubuntu.com/pool/main/l/linux/message-modules-2.6.28-13-lpia-di_2.6.28-13.45_lpia.udeb Size/MD5: 157340 00f6f5576c21231b566afa0e2cf8fd61 http://ports.ubuntu.com/pool/main/l/linux/mouse-modules-2.6.28-13-lpia-di_2.6.28-13.45_lpia.udeb Size/MD5: 24440 86b67b982ba9ca31546e0b2a21f0f864 http://ports.ubuntu.com/pool/main/l/linux/nfs-modules-2.6.28-13-lpia-di_2.6.28-13.45_lpia.udeb Size/MD5: 259984 8c79116a9aeb8b302834f8e1fc266955 http://ports.ubuntu.com/pool/main/l/linux/nic-modules-2.6.28-13-lpia-di_2.6.28-13.45_lpia.udeb Size/MD5: 1925766 1212a0ff61f4eda2f650f309d08be026 http://ports.ubuntu.com/pool/main/l/linux/nic-pcmcia-modules-2.6.28-13-lpia-di_2.6.28-13.45_lpia.udeb Size/MD5: 149320 40933fec799a654327e69f3e147f84d5 http://ports.ubuntu.com/pool/main/l/linux/nic-shared-modules-2.6.28-13-lpia-di_2.6.28-13.45_lpia.udeb Size/MD5: 184726 9c6154589bfc80b2dbddd2bcb84427de http://ports.ubuntu.com/pool/main/l/linux/nic-usb-modules-2.6.28-13-lpia-di_2.6.28-13.45_lpia.udeb Size/MD5: 143218 050db10728b271bdc222ec1af04581cb http://ports.ubuntu.com/pool/main/l/linux/parport-modules-2.6.28-13-lpia-di_2.6.28-13.45_lpia.udeb Size/MD5: 34468 33f04ac2a7c747cace4c3cca47fc5c33 http://ports.ubuntu.com/pool/main/l/linux/pata-modules-2.6.28-13-lpia-di_2.6.28-13.45_lpia.udeb Size/MD5: 5494 d974930a7f9c6808966eb8a90f7b6e09 http://ports.ubuntu.com/pool/main/l/linux/pcmcia-modules-2.6.28-13-lpia-di_2.6.28-13.45_lpia.udeb Size/MD5: 85642 67d356fdc7853f0e2080da162297ce7a http://ports.ubuntu.com/pool/main/l/linux/pcmcia-storage-modules-2.6.28-13-lpia-di_2.6.28-13.45_lpia.udeb Size/MD5: 47256 d814aa4d377714470bd6acc6a5e310db http://ports.ubuntu.com/pool/main/l/linux/plip-modules-2.6.28-13-lpia-di_2.6.28-13.45_lpia.udeb Size/MD5: 8708 97001eca3bfbeea54af2f8754beb6417 http://ports.ubuntu.com/pool/main/l/linux/ppp-modules-2.6.28-13-lpia-di_2.6.28-13.45_lpia.udeb Size/MD5: 63068 f7c2bd8e6e913ccebecc87873d9c5ce3 http://ports.ubuntu.com/pool/main/l/linux/sata-modules-2.6.28-13-lpia-di_2.6.28-13.45_lpia.udeb Size/MD5: 14688 2bf1158a576fa810d85facf7bfd4b6d2 http://ports.ubuntu.com/pool/main/l/linux/scsi-modules-2.6.28-13-lpia-di_2.6.28-13.45_lpia.udeb Size/MD5: 1446758 b3a985a1ea798516afd4a7afd356a2e9 http://ports.ubuntu.com/pool/main/l/linux/serial-modules-2.6.28-13-lpia-di_2.6.28-13.45_lpia.udeb Size/MD5: 43890 c37408769b4cd3de313f21dd7c1ae220 http://ports.ubuntu.com/pool/main/l/linux/storage-core-modules-2.6.28-13-lpia-di_2.6.28-13.45_lpia.udeb Size/MD5: 154914 2d14ce87eaa2b0f3ab967c818d87648b http://ports.ubuntu.com/pool/main/l/linux/usb-modules-2.6.28-13-lpia-di_2.6.28-13.45_lpia.udeb Size/MD5: 172600 716eff2706e585a3064c44ca8fae9ce9 http://ports.ubuntu.com/pool/main/l/linux/virtio-modules-2.6.28-13-lpia-di_2.6.28-13.45_lpia.udeb Size/MD5: 8158 3cac29e81c3e9d2a3d905761f572e74d . Local users can exploit this vulnerability to gain elevated privileges. Rather, they will be released in a staggered or "leap-frog" fashion. Updates for arm and mips will be released as they become available. (CVE-2009-1184) The exit_notify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAP_KILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and then uses an exec system call to launch a setuid application. (CVE-2009-1337) The (1) agp_generic_alloc_page and (2) agp_generic_alloc_pages functions in drivers/char/agp/generic.c in the agp subsystem in the Linux kernel before 2.6.30-rc3 do not zero out pages that may later be available to a user-space process, which allows local users to obtain sensitive information by reading these pages. (CVE-2009-1192) The ABI in the Linux kernel 2.6.28 and earlier on s390, powerpc, sparc64, and mips 64-bit platforms requires that a 32-bit argument in a 64-bit register was properly sign extended when sent from a user-mode application, but cannot verify this, which allows local users to cause a denial of service (crash) or possibly gain privileges via a crafted system call. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFKORHLmqjQ0CJFipgRAnzRAJ9w1CGojCsYdG001OcNmQuVonRkrwCeNMpH bzIigZKDE4V8120vojufik8= =cJ+u -----END PGP SIGNATURE----- . ESX 3.0.3 Update 1, ESX 3.5 Update 5, and VirtualCenter 2.5 Update 6). Refer to section "End of Product Availability FAQs" at http://www.vmware.com/support/policies/lifecycle/vi/faq.html for details. Extended support for ESX 3.0.3 ends on 2011-12-10. Users should plan to upgrade to at least ESX 3.5 and preferably to the newest release available. ESX 3.5 ------- http://download3.vmware.com/software/vi/ESX350-201006401-SG.zip md5sum: b89fb8a51c4a896bc0bf297b57645d1d http://kb.vmware.com/kb/1022899 5. References CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5029 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5300 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1337 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1385 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1895 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2848 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3002 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3547 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2698 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2692 - ------------------------------------------------------------------------ 6
var-200608-0038 Unspecified vulnerability in AFP Server in Apple Mac OS X 10.3.9 allows remote attackers to determine names of unauthorized files and folders via unknown vectors related to the search results. The Apple Mac OS X ImageIO framework contains an integer overflow that may allow a remote attacker to execute arbitrary code on an affected system. These issue affect Mac OS X and various applications including AFP Server, Bluetooth, Bom, DHCP, Image RAW, ImageIO, Launch Services, OpenSSH, and WebKit. A remote attacker may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and disclose potentially sensitive information. If the file name itself is sensitive information, it may lead to information disclosure; if the permissions allow, the attacker can also access the file content
var-201007-0949 WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a floating element in an SVG document. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the library's process for handling floating elements within an SVG document. During layout of the element, the application will mismanage references to the floating element. Later the application will attempt to destroy this reference triggering corruption. Successful exploitation can lead to code execution under the context of the application. WebKit is prone to a remote memory-corruption vulnerability. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content. This issue has been addressed in Apple Safari 5.0.1 and 4.1.1. NOTE: This issue was previously covered in BID 42020 (Apple Safari Prior to 5.0.1 and 4.1.1 Multiple Security Vulnerabilities) but has been given its own record to better document it. Apple Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with Mac OS X and iOS operating systems. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2011:039 http://www.mandriva.com/security/ _______________________________________________________________________ Package : webkit Date : March 2, 2011 Affected: 2010.1 _______________________________________________________________________ Problem Description: Multiple cross-site scripting, denial of service and arbitrary code execution security flaws were discovered in webkit. Please consult the CVE web links for further information. The updated packages have been upgraded to the latest version (1.2.7) to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2797 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2841 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0046 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0047 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0048 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0049 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0050 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0051 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0052 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0053 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0054 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0314 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0647 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0650 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0651 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0656 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1386 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1387 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1389 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1390 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1391 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1392 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1393 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1394 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1395 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1396 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1397 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1398 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1400 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1401 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1402 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1403 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1404 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1405 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1406 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1407 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1408 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1409 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1410 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1412 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1414 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1415 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1416 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1417 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1418 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1419 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1421 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1422 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1501 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1664 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1665 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1758 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1759 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1760 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1761 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1762 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1764 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1766 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1767 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1770 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1771 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1772 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1773 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1774 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1780 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1781 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1782 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1783 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1784 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1785 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1786 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1787 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1788 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1790 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1791 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1792 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1793 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1807 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1812 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1814 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1815 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2264 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2647 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2648 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3113 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3114 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3115 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3116 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3119 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3248 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3255 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3257 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3259 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3812 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3813 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4040 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4197 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4198 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4206 _______________________________________________________________________ Updated Packages: Mandriva Linux 2010.1: 141f3cd181b875d1bb40b67a507b6db1 2010.1/i586/libwebkitgtk1.0_2-1.2.7-0.1mdv2010.2.i586.rpm 054886a3c645b3ce710b9b9daec1d5f9 2010.1/i586/libwebkitgtk1.0-devel-1.2.7-0.1mdv2010.2.i586.rpm bef556ca3f281f6ef4086292c3b658d2 2010.1/i586/webkit1.0-1.2.7-0.1mdv2010.2.i586.rpm a1ff7ac638646aeb64e3bbdca9bc945d 2010.1/i586/webkit1.0-webinspector-1.2.7-0.1mdv2010.2.i586.rpm 3f40e3ebc62bad67097a9e102e0e79c2 2010.1/i586/webkit-1.2.7-0.1mdv2010.2.i586.rpm 50875cf1bc8718cedce1a45dc509b44b 2010.1/i586/webkit-gtklauncher-1.2.7-0.1mdv2010.2.i586.rpm 625d27780d1cc9edb935d4ac3521ae16 2010.1/i586/webkit-jsc-1.2.7-0.1mdv2010.2.i586.rpm 8d02c28d8f21a022130be4c49f9d27be 2010.1/SRPMS/webkit-1.2.7-0.1mdv2010.2.src.rpm Mandriva Linux 2010.1/X86_64: 5ce57cd6ab823f8084030033c7c230d7 2010.1/x86_64/lib64webkitgtk1.0_2-1.2.7-0.1mdv2010.2.x86_64.rpm 690d8718a97af93f58de3bb2357fbe9b 2010.1/x86_64/lib64webkitgtk1.0-devel-1.2.7-0.1mdv2010.2.x86_64.rpm 7cc1d4aa77e1901ccc92f27faf85c9ea 2010.1/x86_64/webkit1.0-1.2.7-0.1mdv2010.2.x86_64.rpm 2b77a77159529c55f64343aba98c15d9 2010.1/x86_64/webkit1.0-webinspector-1.2.7-0.1mdv2010.2.x86_64.rpm 475cf83c5ddd8f6809c2c73a1f5a71d1 2010.1/x86_64/webkit-1.2.7-0.1mdv2010.2.x86_64.rpm b0f1c76107c3d54241daa7e61bfb29a9 2010.1/x86_64/webkit-gtklauncher-1.2.7-0.1mdv2010.2.x86_64.rpm 97deff5e94a625a79842b4c240b0b00d 2010.1/x86_64/webkit-jsc-1.2.7-0.1mdv2010.2.x86_64.rpm 8d02c28d8f21a022130be4c49f9d27be 2010.1/SRPMS/webkit-1.2.7-0.1mdv2010.2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFNbgbemqjQ0CJFipgRAs9YAJ92z2WSC2ijj34b/wr42OIYLtv65gCg7XgL Yv/ButpYAcXsmnJWUG4ayxQ= =GRM6 -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . ZDI-10-153: Apple Webkit SVG Floating Text Element Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-153 August 11, 2010 -- CVE ID: CVE-2010-1787 -- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C) -- Affected Vendors: Apple -- Affected Products: Apple WebKit -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 10147. -- Vendor Response: Apple states: Fixed in Safari 5.0.1: http://support.apple.com/kb/HT4276 -- Disclosure Timeline: 2010-06-01 - Vulnerability reported to vendor 2010-08-11 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * wushi of team509 -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201412-09 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Multiple packages, Multiple vulnerabilities fixed in 2011 Date: December 11, 2014 Bugs: #194151, #294253, #294256, #334087, #344059, #346897, #350598, #352608, #354209, #355207, #356893, #358611, #358785, #358789, #360891, #361397, #362185, #366697, #366699, #369069, #370839, #372971, #376793, #381169, #386321, #386361 ID: 201412-09 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2012. Please see the package list and CVE identifiers below for more information. Background ========== For more information on the packages listed in this GLSA, please see their homepage referenced in the ebuild. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 games-sports/racer-bin >= 0.5.0-r1 Vulnerable! 2 media-libs/fmod < 4.38.00 >= 4.38.00 3 dev-php/PEAR-Mail < 1.2.0 >= 1.2.0 4 sys-fs/lvm2 < 2.02.72 >= 2.02.72 5 app-office/gnucash < 2.4.4 >= 2.4.4 6 media-libs/xine-lib < 1.1.19 >= 1.1.19 7 media-sound/lastfmplayer < 1.5.4.26862-r3 >= 1.5.4.26862-r3 8 net-libs/webkit-gtk < 1.2.7 >= 1.2.7 9 sys-apps/shadow < 4.1.4.3 >= 4.1.4.3 10 dev-php/PEAR-PEAR < 1.9.2-r1 >= 1.9.2-r1 11 dev-db/unixODBC < 2.3.0-r1 >= 2.3.0-r1 12 sys-cluster/resource-agents < 1.0.4-r1 >= 1.0.4-r1 13 net-misc/mrouted < 3.9.5 >= 3.9.5 14 net-misc/rsync < 3.0.8 >= 3.0.8 15 dev-libs/xmlsec < 1.2.17 >= 1.2.17 16 x11-apps/xrdb < 1.0.9 >= 1.0.9 17 net-misc/vino < 2.32.2 >= 2.32.2 18 dev-util/oprofile < 0.9.6-r1 >= 0.9.6-r1 19 app-admin/syslog-ng < 3.2.4 >= 3.2.4 20 net-analyzer/sflowtool < 3.20 >= 3.20 21 gnome-base/gdm < 3.8.4-r3 >= 3.8.4-r3 22 net-libs/libsoup < 2.34.3 >= 2.34.3 23 app-misc/ca-certificates < 20110502-r1 >= 20110502-r1 24 dev-vcs/gitolite < 1.5.9.1 >= 1.5.9.1 25 dev-util/qt-creator < 2.1.0 >= 2.1.0 ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. ------------------------------------------------------------------- 25 affected packages Description =========== Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. * FMOD Studio * PEAR Mail * LVM2 * GnuCash * xine-lib * Last.fm Scrobbler * WebKitGTK+ * shadow tool suite * PEAR * unixODBC * Resource Agents * mrouted * rsync * XML Security Library * xrdb * Vino * OProfile * syslog-ng * sFlow Toolkit * GNOME Display Manager * libsoup * CA Certificates * Gitolite * QtCreator * Racer Impact ====== A context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions. Workaround ========== There are no known workarounds at this time. Resolution ========== All FMOD Studio users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/fmod-4.38.00" All PEAR Mail users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-php/PEAR-Mail-1.2.0" All LVM2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=sys-fs/lvm2-2.02.72" All GnuCash users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-office/gnucash-2.4.4" All xine-lib users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/xine-lib-1.1.19" All Last.fm Scrobbler users should upgrade to the latest version: # emerge --sync # emerge -a --oneshot -v ">=media-sound/lastfmplayer-1.5.4.26862-r3" All WebKitGTK+ users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-1.2.7" All shadow tool suite users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=sys-apps/shadow-4.1.4.3" All PEAR users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-php/PEAR-PEAR-1.9.2-r1" All unixODBC users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-db/unixODBC-2.3.0-r1" All Resource Agents users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=sys-cluster/resource-agents-1.0.4-r1" All mrouted users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/mrouted-3.9.5" All rsync users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/rsync-3.0.8" All XML Security Library users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/xmlsec-1.2.17" All xrdb users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=x11-apps/xrdb-1.0.9" All Vino users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/vino-2.32.2" All OProfile users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-util/oprofile-0.9.6-r1" All syslog-ng users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-admin/syslog-ng-3.2.4" All sFlow Toolkit users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-analyzer/sflowtool-3.20" All GNOME Display Manager users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=gnome-base/gdm-3.8.4-r3" All libsoup users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/libsoup-2.34.3" All CA Certificates users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=app-misc/ca-certificates-20110502-r1" All Gitolite users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-vcs/gitolite-1.5.9.1" All QtCreator users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-util/qt-creator-2.1.0" Gentoo has discontinued support for Racer. We recommend that users unmerge Racer: # emerge --unmerge "games-sports/racer-bin" NOTE: This is a legacy GLSA. Updates for all affected architectures have been available since 2012. It is likely that your system is already no longer affected by these issues. References ========== [ 1 ] CVE-2007-4370 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4370 [ 2 ] CVE-2009-4023 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4023 [ 3 ] CVE-2009-4111 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4111 [ 4 ] CVE-2010-0778 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0778 [ 5 ] CVE-2010-1780 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1780 [ 6 ] CVE-2010-1782 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1782 [ 7 ] CVE-2010-1783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1783 [ 8 ] CVE-2010-1784 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1784 [ 9 ] CVE-2010-1785 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1785 [ 10 ] CVE-2010-1786 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1786 [ 11 ] CVE-2010-1787 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1787 [ 12 ] CVE-2010-1788 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1788 [ 13 ] CVE-2010-1790 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1790 [ 14 ] CVE-2010-1791 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1791 [ 15 ] CVE-2010-1792 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1792 [ 16 ] CVE-2010-1793 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1793 [ 17 ] CVE-2010-1807 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1807 [ 18 ] CVE-2010-1812 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1812 [ 19 ] CVE-2010-1814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1814 [ 20 ] CVE-2010-1815 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1815 [ 21 ] CVE-2010-2526 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2526 [ 22 ] CVE-2010-2901 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2901 [ 23 ] CVE-2010-3255 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3255 [ 24 ] CVE-2010-3257 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3257 [ 25 ] CVE-2010-3259 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3259 [ 26 ] CVE-2010-3362 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3362 [ 27 ] CVE-2010-3374 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3374 [ 28 ] CVE-2010-3389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3389 [ 29 ] CVE-2010-3812 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3812 [ 30 ] CVE-2010-3813 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3813 [ 31 ] CVE-2010-3999 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3999 [ 32 ] CVE-2010-4042 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4042 [ 33 ] CVE-2010-4197 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4197 [ 34 ] CVE-2010-4198 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4198 [ 35 ] CVE-2010-4204 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4204 [ 36 ] CVE-2010-4206 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4206 [ 37 ] CVE-2010-4492 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4492 [ 38 ] CVE-2010-4493 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4493 [ 39 ] CVE-2010-4577 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4577 [ 40 ] CVE-2010-4578 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4578 [ 41 ] CVE-2011-0007 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0007 [ 42 ] CVE-2011-0465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0465 [ 43 ] CVE-2011-0482 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0482 [ 44 ] CVE-2011-0721 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0721 [ 45 ] CVE-2011-0727 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0727 [ 46 ] CVE-2011-0904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0904 [ 47 ] CVE-2011-0905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0905 [ 48 ] CVE-2011-1072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1072 [ 49 ] CVE-2011-1097 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1097 [ 50 ] CVE-2011-1144 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1144 [ 51 ] CVE-2011-1425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1425 [ 52 ] CVE-2011-1572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1572 [ 53 ] CVE-2011-1760 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1760 [ 54 ] CVE-2011-1951 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1951 [ 55 ] CVE-2011-2471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2471 [ 56 ] CVE-2011-2472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2472 [ 57 ] CVE-2011-2473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2473 [ 58 ] CVE-2011-2524 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2524 [ 59 ] CVE-2011-3365 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3365 [ 60 ] CVE-2011-3366 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3366 [ 61 ] CVE-2011-3367 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3367 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201412-09.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
var-201906-1176 Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products. A successful exploit could cause the targeted system to crash, resulting in a DoS condition. Proof-of-concept (PoC) code that demonstrates an exploit of this vulnerability is publicly available. Kernel.org has confirmed the vulnerability and released software updates. 7.3) - noarch, x86_64 3. Bug Fix(es): * THP: Race between MADV_DONTNEED and NUMA hinting node migration code (BZ#1698104) * [RHEL7] md_clear flag missing from /proc/cpuinfo on late microcode update (BZ#1712990) * [RHEL7] MDS mitigations are not enabled after double microcode update (BZ#1712995) * WARNING: CPU: 0 PID: 0 at kernel/jump_label.c:90 __static_key_slow_dec+0xa6/0xb0 (BZ#1713001) 4. ========================================================================== Kernel Live Patch Security Notice 0058-1 October 22, 2019 linux vulnerability ========================================================================== A security issue affects these releases of Ubuntu: | Series | Base kernel | Arch | flavors | |------------------+--------------+----------+------------------| | Ubuntu 18.04 LTS | 4.15.0 | amd64 | aws | | Ubuntu 18.04 LTS | 4.15.0 | amd64 | generic | | Ubuntu 18.04 LTS | 4.15.0 | amd64 | lowlatency | | Ubuntu 18.04 LTS | 4.15.0 | amd64 | oem | | Ubuntu 18.04 LTS | 5.0.0 | amd64 | azure | | Ubuntu 14.04 LTS | 4.4.0 | amd64 | generic | | Ubuntu 14.04 LTS | 4.4.0 | amd64 | lowlatency | | Ubuntu 16.04 LTS | 4.4.0 | amd64 | aws | | Ubuntu 16.04 LTS | 4.4.0 | amd64 | generic | | Ubuntu 16.04 LTS | 4.4.0 | amd64 | lowlatency | | Ubuntu 16.04 LTS | 4.15.0 | amd64 | azure | | Ubuntu 16.04 LTS | 4.15.0 | amd64 | generic | | Ubuntu 16.04 LTS | 4.15.0 | amd64 | lowlatency | Summary: Several security issues were fixed in the kernel. Software Description: - linux: Linux kernel Details: It was discovered that a race condition existed in the GFS2 file system in the Linux kernel. (CVE-2016-10905) It was discovered that a use-after-free error existed in the block layer subsystem of the Linux kernel when certain failure conditions occurred. (CVE-2018-20856) It was discovered that the USB gadget Midi driver in the Linux kernel contained a double-free vulnerability when handling certain error conditions. (CVE-2018-20961) It was discovered that the XFS file system in the Linux kernel did not properly handle mount failures in some situations. (CVE-2018-20976) It was discovered that the RSI 91x Wi-Fi driver in the Linux kernel did not did not handle detach operations correctly, leading to a use-after-free vulnerability. (CVE-2018-21008) It was discovered that the Intel Wi-Fi device driver in the Linux kernel did not properly validate certain Tunneled Direct Link Setup (TDLS). (CVE-2019-0136) It was discovered that the Linux kernel on ARM processors allowed a tracing process to modify a syscall after a seccomp decision had been made on that syscall. (CVE-2019-2054) It was discovered that an integer overflow existed in the Binder implementation of the Linux kernel, leading to a buffer overflow. (CVE-2019-2181) It was discovered that the Marvell Wireless LAN device driver in the Linux kernel did not properly validate the BSS descriptor. (CVE-2019-3846) It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. (CVE-2019-10126) It was discovered that the Bluetooth UART implementation in the Linux kernel did not properly check for missing tty operations. (CVE-2019-11478) It was discovered that the ext4 file system implementation in the Linux kernel did not properly zero out memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11833) It was discovered that the PowerPC dlpar implementation in the Linux kernel did not properly check for allocation errors in some situations. (CVE-2019-12614) It was discovered that the floppy driver in the Linux kernel did not properly validate meta data, leading to a buffer overread. (CVE-2019-14283) It was discovered that the floppy driver in the Linux kernel did not properly validate ioctl() calls, leading to a division-by-zero. (CVE-2019-14284) Wen Huang discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly perform bounds checking, leading to a heap overflow. (CVE-2019-14814) Wen Huang discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly perform bounds checking, leading to a heap overflow. (CVE-2019-14815) Wen Huang discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly perform bounds checking, leading to a heap overflow. (CVE-2019-14816) Matt Delco discovered that the KVM hypervisor implementation in the Linux kernel did not properly perform bounds checking when handling coalesced MMIO write operations. (CVE-2019-14821) Peter Pi discovered a buffer overflow in the virtio network backend (vhost_net) implementation in the Linux kernel. (CVE-2019-14835) Update instructions: The problem can be corrected by updating your livepatches to the following versions: | Kernel | Version | flavors | |--------------------------+----------+--------------------------| | 4.4.0-148.174 | 58.1 | lowlatency, generic | | 4.4.0-148.174~14.04.1 | 58.1 | lowlatency, generic | | 4.4.0-150.176 | 58.1 | generic, lowlatency | | 4.4.0-150.176~14.04.1 | 58.1 | lowlatency, generic | | 4.4.0-151.178 | 58.1 | lowlatency, generic | | 4.4.0-151.178~14.04.1 | 58.1 | generic, lowlatency | | 4.4.0-154.181 | 58.1 | lowlatency, generic | | 4.4.0-154.181~14.04.1 | 58.1 | generic, lowlatency | | 4.4.0-157.185 | 58.1 | lowlatency, generic | | 4.4.0-157.185~14.04.1 | 58.1 | generic, lowlatency | | 4.4.0-159.187 | 58.1 | lowlatency, generic | | 4.4.0-159.187~14.04.1 | 58.1 | generic, lowlatency | | 4.4.0-161.189 | 58.1 | lowlatency, generic | | 4.4.0-161.189~14.04.1 | 58.1 | lowlatency, generic | | 4.4.0-164.192 | 58.1 | lowlatency, generic | | 4.4.0-164.192~14.04.1 | 58.1 | lowlatency, generic | | 4.4.0-165.193 | 58.1 | generic, lowlatency | | 4.4.0-1083.93 | 58.1 | aws | | 4.4.0-1084.94 | 58.1 | aws | | 4.4.0-1085.96 | 58.1 | aws | | 4.4.0-1087.98 | 58.1 | aws | | 4.4.0-1088.99 | 58.1 | aws | | 4.4.0-1090.101 | 58.1 | aws | | 4.4.0-1092.103 | 58.1 | aws | | 4.4.0-1094.105 | 58.1 | aws | | 4.15.0-50.54 | 58.1 | generic, lowlatency | | 4.15.0-50.54~16.04.1 | 58.1 | generic, lowlatency | | 4.15.0-51.55 | 58.1 | generic, lowlatency | | 4.15.0-51.55~16.04.1 | 58.1 | generic, lowlatency | | 4.15.0-52.56 | 58.1 | lowlatency, generic | | 4.15.0-52.56~16.04.1 | 58.1 | generic, lowlatency | | 4.15.0-54.58 | 58.1 | generic, lowlatency | | 4.15.0-54.58~16.04.1 | 58.1 | generic, lowlatency | | 4.15.0-55.60 | 58.1 | generic, lowlatency | | 4.15.0-58.64 | 58.1 | generic, lowlatency | | 4.15.0-58.64~16.04.1 | 58.1 | lowlatency, generic | | 4.15.0-60.67 | 58.1 | lowlatency, generic | | 4.15.0-60.67~16.04.1 | 58.1 | generic, lowlatency | | 4.15.0-62.69 | 58.1 | generic, lowlatency | | 4.15.0-62.69~16.04.1 | 58.1 | lowlatency, generic | | 4.15.0-64.73 | 58.1 | generic, lowlatency | | 4.15.0-64.73~16.04.1 | 58.1 | lowlatency, generic | | 4.15.0-65.74 | 58.1 | lowlatency, generic | | 4.15.0-1038.43 | 58.1 | oem | | 4.15.0-1039.41 | 58.1 | aws | | 4.15.0-1039.44 | 58.1 | oem | | 4.15.0-1040.42 | 58.1 | aws | | 4.15.0-1041.43 | 58.1 | aws | | 4.15.0-1043.45 | 58.1 | aws | | 4.15.0-1043.48 | 58.1 | oem | | 4.15.0-1044.46 | 58.1 | aws | | 4.15.0-1045.47 | 58.1 | aws | | 4.15.0-1045.50 | 58.1 | oem | | 4.15.0-1047.49 | 58.1 | aws | | 4.15.0-1047.51 | 58.1 | azure | | 4.15.0-1048.50 | 58.1 | aws | | 4.15.0-1049.54 | 58.1 | azure | | 4.15.0-1050.52 | 58.1 | aws | | 4.15.0-1050.55 | 58.1 | azure | | 4.15.0-1050.57 | 58.1 | oem | | 4.15.0-1051.53 | 58.1 | aws | | 4.15.0-1051.56 | 58.1 | azure | | 4.15.0-1052.57 | 58.1 | azure | | 4.15.0-1055.60 | 58.1 | azure | | 4.15.0-1056.61 | 58.1 | azure | | 4.15.0-1056.65 | 58.1 | oem | | 4.15.0-1057.62 | 58.1 | azure | | 4.15.0-1057.66 | 58.1 | oem | | 4.15.0-1059.64 | 58.1 | azure | | 5.0.0-1014.14~18.04.1 | 58.1 | azure | | 5.0.0-1016.17~18.04.1 | 58.1 | azure | | 5.0.0-1018.19~18.04.1 | 58.1 | azure | | 5.0.0-1020.21~18.04.1 | 58.1 | azure | Support Information: Kernels older than the levels listed below do not receive livepatch updates. Please upgrade your kernel as soon as possible. | Series | Version | Flavors | |------------------+------------------+--------------------------| | Ubuntu 18.04 LTS | 4.15.0-1039 | aws | | Ubuntu 16.04 LTS | 4.4.0-1083 | aws | | Ubuntu 18.04 LTS | 5.0.0-1000 | azure | | Ubuntu 16.04 LTS | 4.15.0-1047 | azure | | Ubuntu 18.04 LTS | 4.15.0-50 | generic lowlatency | | Ubuntu 16.04 LTS | 4.15.0-50 | generic lowlatency | | Ubuntu 14.04 LTS | 4.4.0-148 | generic lowlatency | | Ubuntu 18.04 LTS | 4.15.0-1038 | oem | | Ubuntu 16.04 LTS | 4.4.0-148 | generic lowlatency | References: CVE-2016-10905, CVE-2018-20856, CVE-2018-20961, CVE-2018-20976, CVE-2018-21008, CVE-2019-0136, CVE-2019-2054, CVE-2019-2181, CVE-2019-3846, CVE-2019-10126, CVE-2019-10207, CVE-2019-11477, CVE-2019-11478, CVE-2019-11833, CVE-2019-12614, CVE-2019-14283, CVE-2019-14284, CVE-2019-14814, CVE-2019-14815, CVE-2019-14816, CVE-2019-14821, CVE-2019-14835 -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: kernel security update Advisory ID: RHSA-2019:1481-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:1481 Issue date: 2019-06-17 CVE Names: CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 ==================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. While processing SACK segments, the Linux kernel's socket buffer (SKB) data structure becomes fragmented. Each fragment is about TCP maximum segment size (MSS) bytes. To efficiently process SACK blocks, the Linux kernel merges multiple fragmented SKBs into one, potentially overflowing the variable holding the number of segments. A remote attacker could use this flaw to crash the Linux kernel by sending a crafted sequence of SACK segments on a TCP connection with small value of TCP MSS, resulting in a denial of service (DoS). (CVE-2019-11477) * Kernel: tcp: excessive resource consumption while processing SACK blocks allows remote denial of service (CVE-2019-11478) * Kernel: tcp: excessive resource consumption for TCP connections with low MSS allows remote denial of service (CVE-2019-11479) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1719123 - CVE-2019-11477 Kernel: tcp: integer overflow while processing SACK blocks allows remote denial of service 1719128 - CVE-2019-11478 Kernel: tcp: excessive resource consumption while processing SACK blocks allows remote denial of service 1719129 - CVE-2019-11479 Kernel: tcp: excessive resource consumption for TCP connections with low MSS allows remote denial of service 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: kernel-3.10.0-957.21.3.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-957.21.3.el7.noarch.rpm kernel-doc-3.10.0-957.21.3.el7.noarch.rpm x86_64: bpftool-3.10.0-957.21.3.el7.x86_64.rpm kernel-3.10.0-957.21.3.el7.x86_64.rpm kernel-debug-3.10.0-957.21.3.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm kernel-debug-devel-3.10.0-957.21.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-957.21.3.el7.x86_64.rpm kernel-devel-3.10.0-957.21.3.el7.x86_64.rpm kernel-headers-3.10.0-957.21.3.el7.x86_64.rpm kernel-tools-3.10.0-957.21.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm kernel-tools-libs-3.10.0-957.21.3.el7.x86_64.rpm perf-3.10.0-957.21.3.el7.x86_64.rpm perf-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm python-perf-3.10.0-957.21.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: kernel-debug-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-957.21.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-957.21.3.el7.x86_64.rpm perf-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: kernel-3.10.0-957.21.3.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-957.21.3.el7.noarch.rpm kernel-doc-3.10.0-957.21.3.el7.noarch.rpm x86_64: bpftool-3.10.0-957.21.3.el7.x86_64.rpm kernel-3.10.0-957.21.3.el7.x86_64.rpm kernel-debug-3.10.0-957.21.3.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm kernel-debug-devel-3.10.0-957.21.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-957.21.3.el7.x86_64.rpm kernel-devel-3.10.0-957.21.3.el7.x86_64.rpm kernel-headers-3.10.0-957.21.3.el7.x86_64.rpm kernel-tools-3.10.0-957.21.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm kernel-tools-libs-3.10.0-957.21.3.el7.x86_64.rpm perf-3.10.0-957.21.3.el7.x86_64.rpm perf-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm python-perf-3.10.0-957.21.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: kernel-debug-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-957.21.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-957.21.3.el7.x86_64.rpm perf-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: kernel-3.10.0-957.21.3.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-957.21.3.el7.noarch.rpm kernel-doc-3.10.0-957.21.3.el7.noarch.rpm ppc64: kernel-3.10.0-957.21.3.el7.ppc64.rpm kernel-bootwrapper-3.10.0-957.21.3.el7.ppc64.rpm kernel-debug-3.10.0-957.21.3.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-957.21.3.el7.ppc64.rpm kernel-debug-devel-3.10.0-957.21.3.el7.ppc64.rpm kernel-debuginfo-3.10.0-957.21.3.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-957.21.3.el7.ppc64.rpm kernel-devel-3.10.0-957.21.3.el7.ppc64.rpm kernel-headers-3.10.0-957.21.3.el7.ppc64.rpm kernel-tools-3.10.0-957.21.3.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-957.21.3.el7.ppc64.rpm kernel-tools-libs-3.10.0-957.21.3.el7.ppc64.rpm perf-3.10.0-957.21.3.el7.ppc64.rpm perf-debuginfo-3.10.0-957.21.3.el7.ppc64.rpm python-perf-3.10.0-957.21.3.el7.ppc64.rpm python-perf-debuginfo-3.10.0-957.21.3.el7.ppc64.rpm ppc64le: kernel-3.10.0-957.21.3.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-957.21.3.el7.ppc64le.rpm kernel-debug-3.10.0-957.21.3.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-957.21.3.el7.ppc64le.rpm kernel-debuginfo-3.10.0-957.21.3.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-957.21.3.el7.ppc64le.rpm kernel-devel-3.10.0-957.21.3.el7.ppc64le.rpm kernel-headers-3.10.0-957.21.3.el7.ppc64le.rpm kernel-tools-3.10.0-957.21.3.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-957.21.3.el7.ppc64le.rpm kernel-tools-libs-3.10.0-957.21.3.el7.ppc64le.rpm perf-3.10.0-957.21.3.el7.ppc64le.rpm perf-debuginfo-3.10.0-957.21.3.el7.ppc64le.rpm python-perf-3.10.0-957.21.3.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-957.21.3.el7.ppc64le.rpm s390x: kernel-3.10.0-957.21.3.el7.s390x.rpm kernel-debug-3.10.0-957.21.3.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-957.21.3.el7.s390x.rpm kernel-debug-devel-3.10.0-957.21.3.el7.s390x.rpm kernel-debuginfo-3.10.0-957.21.3.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-957.21.3.el7.s390x.rpm kernel-devel-3.10.0-957.21.3.el7.s390x.rpm kernel-headers-3.10.0-957.21.3.el7.s390x.rpm kernel-kdump-3.10.0-957.21.3.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-957.21.3.el7.s390x.rpm kernel-kdump-devel-3.10.0-957.21.3.el7.s390x.rpm perf-3.10.0-957.21.3.el7.s390x.rpm perf-debuginfo-3.10.0-957.21.3.el7.s390x.rpm python-perf-3.10.0-957.21.3.el7.s390x.rpm python-perf-debuginfo-3.10.0-957.21.3.el7.s390x.rpm x86_64: bpftool-3.10.0-957.21.3.el7.x86_64.rpm kernel-3.10.0-957.21.3.el7.x86_64.rpm kernel-debug-3.10.0-957.21.3.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm kernel-debug-devel-3.10.0-957.21.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-957.21.3.el7.x86_64.rpm kernel-devel-3.10.0-957.21.3.el7.x86_64.rpm kernel-headers-3.10.0-957.21.3.el7.x86_64.rpm kernel-tools-3.10.0-957.21.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm kernel-tools-libs-3.10.0-957.21.3.el7.x86_64.rpm perf-3.10.0-957.21.3.el7.x86_64.rpm perf-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm python-perf-3.10.0-957.21.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: kernel-debug-debuginfo-3.10.0-957.21.3.el7.ppc64.rpm kernel-debuginfo-3.10.0-957.21.3.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-957.21.3.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-957.21.3.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-957.21.3.el7.ppc64.rpm perf-debuginfo-3.10.0-957.21.3.el7.ppc64.rpm python-perf-debuginfo-3.10.0-957.21.3.el7.ppc64.rpm ppc64le: kernel-debug-debuginfo-3.10.0-957.21.3.el7.ppc64le.rpm kernel-debug-devel-3.10.0-957.21.3.el7.ppc64le.rpm kernel-debuginfo-3.10.0-957.21.3.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-957.21.3.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-957.21.3.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-957.21.3.el7.ppc64le.rpm perf-debuginfo-3.10.0-957.21.3.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-957.21.3.el7.ppc64le.rpm x86_64: kernel-debug-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-957.21.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-957.21.3.el7.x86_64.rpm perf-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: kernel-3.10.0-957.21.3.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-957.21.3.el7.noarch.rpm kernel-doc-3.10.0-957.21.3.el7.noarch.rpm x86_64: bpftool-3.10.0-957.21.3.el7.x86_64.rpm kernel-3.10.0-957.21.3.el7.x86_64.rpm kernel-debug-3.10.0-957.21.3.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm kernel-debug-devel-3.10.0-957.21.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-957.21.3.el7.x86_64.rpm kernel-devel-3.10.0-957.21.3.el7.x86_64.rpm kernel-headers-3.10.0-957.21.3.el7.x86_64.rpm kernel-tools-3.10.0-957.21.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm kernel-tools-libs-3.10.0-957.21.3.el7.x86_64.rpm perf-3.10.0-957.21.3.el7.x86_64.rpm perf-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm python-perf-3.10.0-957.21.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: kernel-debug-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-957.21.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-957.21.3.el7.x86_64.rpm perf-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-11477 https://access.redhat.com/security/cve/CVE-2019-11478 https://access.redhat.com/security/cve/CVE-2019-11479 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/tcpsack 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXQfc5dzjgjWX9erEAQiHvA/9H8ok5idW5wQXIYe9k2vrUnDV0EilyBeN ybKZlww2bhuHKYwmUKD2WSbggNXvxOR0uzuLTEqM5R0od4ALa4SSxdNMTVO1ac8V 4nogSc7quxNGoYdhXyWPFqRTWIGMMV7mXRifTqGskcB1xB5JwMc2mGGvFA3xXGDu lxvNK70J+HjlTFf4wodaRCZdmyEQxYB8rOxQ42U+yFcbPmPqlyvLJV/6ULHU2utZ K/Ifmd5g9B0NbDR8hceVIdWFD6XIUbiyItn3Ubx0IHaBDVE9j+fo3FQ+ciPG73CD kl7nfHU0ebOrooxZQxFmbVltPUlVwyZQ6H/d1a31ZNdWDu/LQkG94bY7YARfDFLT xsJKMW+pQjAlFAbEVEBbesMXBwb6qdRgpugyr0o8cZbOYAEH2vkxbf1rcz1wAGgv dMRxnvUbgNML50jSuAh80vdzCjrkmhJxO2KSZXwEoLyDiiwfs4MILf20W+jn8tdG p6AGgFkENInQtAuAbcQHpjCmJPUNLoSKuzpQAry4RCNfklFElKhJxlHoxUPqvc42 SUN5BS7w8SF70ANWiW/V73+nYcDKJfV/3oMndJInVaCER6GF6NwpGQb7DjLM4krh gxhcCHeA0dHKVL8udjSrrEbdi4c3OmXz53p36Ww/Yh8k3BhVid7Wzt3HPBWFF5qs rjP0JW27B5U=rNYS -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Bug Fix(es): * [HPE 8.0 Bug] nvme drive power button does not turn off drive (BZ#1700288) * RHEL8.0 - hw csum failure seen in dmesg and console (using mlx5/mlx4/Mellanox) (BZ#1700289) * RHEL8.0 - vfio-ap: add subsystem to matrix device to avoid libudev failures (kvm) (BZ#1700290) * [FJ8.1 Bug]: Make Fujitsu Erratum 010001 patch work on A64FX v1r0 (BZ#1700901) * [FJ8.0 Bug]: Fujitsu A64FX processor errata - panic by unknown fault (BZ#1700902) * RHEL 8.0 Snapshot 4 - nvme create-ns command hangs after creating 20 namespaces on Bolt (NVMe) (BZ#1701140) * [Cavium/Marvell 8.0 qed] Fix qed_mcp_halt() and qed_mcp_resume() (backporting bug) (BZ#1704184) * [Intel 8.1 Bug] PBF: Base frequency display fix (BZ#1706739) * [RHEL8]read/write operation not permitted to /sys/kernel/debug/gcov/reset (BZ#1708100) * RHEL8.0 - ISST-LTE:pVM:fleetwood:LPM:raylp85:After lpm seeing the console logs on the the lpar at target side (BZ#1708102) * RHEL8.0 - Backport support for software count cache flush Spectre v2 mitigation (BZ#1708112) * [Regression] RHEL8.0 - System crashed with one stress-ng-mremap stressor on Boston (kvm host) (BZ#1708617) * [intel ice Rhel 8 RC1] ethtool -A ethx causes interfaces to go down (BZ#1709433) 4. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The following packages have been upgraded to a later upstream version: redhat-release-virtualization-host (4.3.4), redhat-virtualization-host (4.3.4). 7) - aarch64, noarch, ppc64le 3
var-202201-0104 In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory). Expat ( alias libexpat) contains a computational error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. No detailed vulnerability details were provided at this time. Description: Version 1.22.0 of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.6, 4.7, 4.8, 4.9, and 4.10. For more information, see the documentation linked in the Solution section. Bugs fixed (https://bugzilla.redhat.com/): 2020725 - CVE-2021-41771 golang: debug/macho: invalid dynamic symbol table command can cause panic 2020736 - CVE-2021-41772 golang: archive/zip: Reader.Open panics on empty string 5. References: https://access.redhat.com/security/cve/CVE-2018-25032 https://access.redhat.com/security/cve/CVE-2021-3999 https://access.redhat.com/security/cve/CVE-2021-23177 https://access.redhat.com/security/cve/CVE-2021-31566 https://access.redhat.com/security/cve/CVE-2021-41771 https://access.redhat.com/security/cve/CVE-2021-41772 https://access.redhat.com/security/cve/CVE-2021-45960 https://access.redhat.com/security/cve/CVE-2021-46143 https://access.redhat.com/security/cve/CVE-2022-0778 https://access.redhat.com/security/cve/CVE-2022-21426 https://access.redhat.com/security/cve/CVE-2022-21434 https://access.redhat.com/security/cve/CVE-2022-21443 https://access.redhat.com/security/cve/CVE-2022-21449 https://access.redhat.com/security/cve/CVE-2022-21476 https://access.redhat.com/security/cve/CVE-2022-21496 https://access.redhat.com/security/cve/CVE-2022-22822 https://access.redhat.com/security/cve/CVE-2022-22823 https://access.redhat.com/security/cve/CVE-2022-22824 https://access.redhat.com/security/cve/CVE-2022-22825 https://access.redhat.com/security/cve/CVE-2022-22826 https://access.redhat.com/security/cve/CVE-2022-22827 https://access.redhat.com/security/cve/CVE-2022-23218 https://access.redhat.com/security/cve/CVE-2022-23219 https://access.redhat.com/security/cve/CVE-2022-23308 https://access.redhat.com/security/cve/CVE-2022-23852 https://access.redhat.com/security/cve/CVE-2022-25235 https://access.redhat.com/security/cve/CVE-2022-25236 https://access.redhat.com/security/cve/CVE-2022-25315 For details about the security issues see these CVE pages: * https://access.redhat.com/security/updates/classification/#low * https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index * https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index * https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index * https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index * https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index 6. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5073-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso February 12, 2022 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : expat CVE ID : CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-23852 CVE-2022-23990 Debian Bug : 1002994 1003474 Several vulnerabilities have been discovered in Expat, an XML parsing C library, which could result in denial of service or potentially the execution of arbitrary code, if a malformed XML file is processed. For the oldstable distribution (buster), these problems have been fixed in version 2.2.6-2+deb10u2. For the stable distribution (bullseye), these problems have been fixed in version 2.2.10-2+deb11u1. We recommend that you upgrade your expat packages. For the detailed security status of expat please refer to its security tracker page at: https://security-tracker.debian.org/tracker/expat Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmIHtfRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0R5Uw/8Cx7ErfU/j1OgJxyfoRH3/Rz5YNCRzmEzjg7Uh8ZuJl6WfkcvcKvYlCoi /RtUOzYfk2Zg7NHXE86TWOWtbxU1n16n22XwhpbLHAIPuw1GhvwDG6Ctt8U3YAaJ zBReZvw3NSxWJdOD7rTJlAtlQcFpHSUJd2jWjcggZCfySduYMKwLYNzt5+eruwpe YhPKDdZH/MUMe0zOV43qfyYTeP7bqCbpnyhZXk8cNC39SzrJnXwovn7eKmFFCW5x g/ptvOIBJVzh3LxemMyWF4qomQ1rRxGWbkXx46cUQ7alyTcExMnIwBfpzJYCpAKC XV9FvhGS0sfug9NelY9+xpQAvrfCYToHW5niA6OzPuP/Lf7AAWinmGNpxTlYWQcF 1ZxOEQbv8XGikfM74pEsSjIkFwjkLQEFfETaImsvonZf6A3IIhLqkSBsS+j7LNcl ht3uMiJIXkn+iJyDYcCaB0PhgPAqBVk/wk9X01sygzMNrFrYfcX8CeALq5uaZkl6 ut1wYIirLFRKIhuHdGsmt/NKyFIJTzfmaL2W0nvAdLFVxPZQwIzaGxUALo04O+Zn AQj2/JbsAiO2p/N5CXEwtyBNzmJNqlzPlcZ+42uuo/nvsscw2QAL+Yk88XZKwx1B QS4zjj7Lf38+ATT5CFR8m8MTjlv4pUVnYABjx+8LX3pDS3QH4mM= =hLGY -----END PGP SIGNATURE----- . Summary: The Migration Toolkit for Containers (MTC) 1.7.1 is now available. Description: The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Security Fix(es) from Bugzilla: * golang: net/http: Limit growth of header canonicalization cache (CVE-2021-44716) * golang: debug/macho: Invalid dynamic symbol table command can cause panic (CVE-2021-41771) * golang: archive/zip: Reader.Open panics on empty string (CVE-2021-41772) * golang: syscall: Don't close fd 0 on ForkExec error (CVE-2021-44717) * opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Solution: For details on how to install and use MTC, refer to: https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html 4. Bugs fixed (https://bugzilla.redhat.com/): 2020725 - CVE-2021-41771 golang: debug/macho: invalid dynamic symbol table command can cause panic 2020736 - CVE-2021-41772 golang: archive/zip: Reader.Open panics on empty string 2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion 2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache 2030806 - CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error 2040378 - Don't allow Storage class conversion migration if source cluster has only one storage class defined [backend] 2057516 - [MTC UI] UI should not allow PVC mapping for Full migration 2060244 - [MTC] DIM registry route need to be exposed to create inter-cluster state migration plans 2060717 - [MTC] Registry pod goes in CrashLoopBackOff several times when MCG Nooba is used as the Replication Repository 2061347 - [MTC] Log reader pod is missing velero and restic pod logs. 2061653 - [MTC UI] Migration Resources section showing pods from other namespaces 2062682 - [MTC] Destination storage class non-availability warning visible in Intra-cluster source to source state-migration migplan. 2065837 - controller_config.yml.j2 merge type should be set to merge (currently using the default strategic) 2071000 - Storage Conversion: UI doesn't have the ability to skip PVC 2072036 - Migration plan for storage conversion cannot be created if there's no replication repository 2072186 - Wrong migration type description 2072684 - Storage Conversion: PersistentVolumeClaimTemplates in StatefulSets are not updated automatically after migration 2073496 - Errors in rsync pod creation are not printed in the controller logs 2079814 - [MTC UI] Intra-cluster state migration plan showing a warning on PersistentVolumes page 5. Description: Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/): 2062751 - CVE-2022-24730 argocd: path traversal and improper access control allows leaking out-of-bound files 2062755 - CVE-2022-24731 argocd: path traversal allows leaking out-of-bound files 2064682 - CVE-2022-1025 Openshift-Gitops: Improper access control allows admin privilege escalation 5. This update provides security fixes, bug fixes, and updates the container images. Description: Red Hat Advanced Cluster Management for Kubernetes 2.4.3 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide some security fixes and bug fixes. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/ Security updates: * golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565) * nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account (CVE-2022-24450) * nanoid: Information disclosure via valueOf() function (CVE-2021-23566) * nodejs-shelljs: improper privilege management (CVE-2022-0144) * search-ui-container: follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155) * node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235) * follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536) * openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778) * imgcrypt: Unauthorized access to encryted container image on a shared system due to missing check in CheckAuthorization() code path (CVE-2022-24778) * golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191) * opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190) Related bugs: * RHACM 2.4.3 image files (BZ #2057249) * Observability - dashboard name contains `/` would cause error when generating dashboard cm (BZ #2032128) * ACM application placement fails after renaming the application name (BZ #2033051) * Disable the obs metric collect should not impact the managed cluster upgrade (BZ #2039197) * Observability - cluster list should only contain OCP311 cluster on OCP311 dashboard (BZ #2039820) * The value of name label changed from clusterclaim name to cluster name (BZ #2042223) * VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys (BZ #2048500) * clusterSelector matchLabels spec are cleared when changing app name/namespace during creating an app in UI (BZ #2053211) * Application cluster status is not updated in UI after restoring (BZ #2053279) * OpenStack cluster creation is using deprecated floating IP config for 4.7+ (BZ #2056610) * The value of Vendor reported by cluster metrics was Other even if the vendor label in managedcluster was Openshift (BZ #2059039) * Subscriptions stop reconciling after channel secrets are recreated (BZ #2059954) * Placementrule is not reconciling on a new fresh environment (BZ #2074156) * The cluster claimed from clusterpool cannot auto imported (BZ #2074543) 3. Bugs fixed (https://bugzilla.redhat.com/): 2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion 2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic 2032128 - Observability - dashboard name contains `/` would cause error when generating dashboard cm 2033051 - ACM application placement fails after renaming the application name 2039197 - disable the obs metric collect should not impact the managed cluster upgrade 2039820 - Observability - cluster list should only contain OCP311 cluster on OCP311 dashboard 2042223 - the value of name label changed from clusterclaim name to cluster name 2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management 2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor 2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor 2048500 - VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys 2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function 2052573 - CVE-2022-24450 nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account 2053211 - clusterSelector matchLabels spec are cleared when changing app name/namespace during creating an app in UI 2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak 2053279 - Application cluster status is not updated in UI after restoring 2056610 - OpenStack cluster creation is using deprecated floating IP config for 4.7+ 2057249 - RHACM 2.4.3 images 2059039 - The value of Vendor reported by cluster metrics was Other even if the vendor label in managedcluster was Openshift 2059954 - Subscriptions stop reconciling after channel secrets are recreated 2062202 - CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates 2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server 2069368 - CVE-2022-24778 imgcrypt: Unauthorized access to encryted container image on a shared system due to missing check in CheckAuthorization() code path 2074156 - Placementrule is not reconciling on a new fresh environment 2074543 - The cluster claimed from clusterpool can not auto imported 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: expat security update Advisory ID: RHSA-2022:1069-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:1069 Issue date: 2022-03-28 CVE Names: CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-23852 CVE-2022-25235 CVE-2022-25236 CVE-2022-25315 ==================================================================== 1. Summary: An update for expat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: Expat is a C library for parsing XML documents. Security Fix(es): * expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235) * expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution (CVE-2022-25236) * expat: Integer overflow in storeRawNames() (CVE-2022-25315) * expat: Large number of prefixed XML attributes on a single tag can crash libexpat (CVE-2021-45960) * expat: Integer overflow in doProlog in xmlparse.c (CVE-2021-46143) * expat: Integer overflow in addBinding in xmlparse.c (CVE-2022-22822) * expat: Integer overflow in build_model in xmlparse.c (CVE-2022-22823) * expat: Integer overflow in defineAttribute in xmlparse.c (CVE-2022-22824) * expat: Integer overflow in lookup in xmlparse.c (CVE-2022-22825) * expat: Integer overflow in nextScaffoldPart in xmlparse.c (CVE-2022-22826) * expat: Integer overflow in storeAtts in xmlparse.c (CVE-2022-22827) * expat: Integer overflow in function XML_GetBuffer (CVE-2022-23852) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the updated packages, applications using the Expat library must be restarted for the update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 2044451 - CVE-2021-45960 expat: Large number of prefixed XML attributes on a single tag can crash libexpat 2044455 - CVE-2021-46143 expat: Integer overflow in doProlog in xmlparse.c 2044457 - CVE-2022-22822 expat: Integer overflow in addBinding in xmlparse.c 2044464 - CVE-2022-22823 expat: Integer overflow in build_model in xmlparse.c 2044467 - CVE-2022-22824 expat: Integer overflow in defineAttribute in xmlparse.c 2044479 - CVE-2022-22825 expat: Integer overflow in lookup in xmlparse.c 2044484 - CVE-2022-22826 expat: Integer overflow in nextScaffoldPart in xmlparse.c 2044488 - CVE-2022-22827 expat: Integer overflow in storeAtts in xmlparse.c 2044613 - CVE-2022-23852 expat: Integer overflow in function XML_GetBuffer 2056363 - CVE-2022-25315 expat: Integer overflow in storeRawNames() 2056366 - CVE-2022-25235 expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution 2056370 - CVE-2022-25236 expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: expat-2.1.0-14.el7_9.src.rpm x86_64: expat-2.1.0-14.el7_9.i686.rpm expat-2.1.0-14.el7_9.x86_64.rpm expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm expat-devel-2.1.0-14.el7_9.i686.rpm expat-devel-2.1.0-14.el7_9.x86_64.rpm expat-static-2.1.0-14.el7_9.i686.rpm expat-static-2.1.0-14.el7_9.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: expat-2.1.0-14.el7_9.src.rpm x86_64: expat-2.1.0-14.el7_9.i686.rpm expat-2.1.0-14.el7_9.x86_64.rpm expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm expat-devel-2.1.0-14.el7_9.i686.rpm expat-devel-2.1.0-14.el7_9.x86_64.rpm expat-static-2.1.0-14.el7_9.i686.rpm expat-static-2.1.0-14.el7_9.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: expat-2.1.0-14.el7_9.src.rpm ppc64: expat-2.1.0-14.el7_9.ppc.rpm expat-2.1.0-14.el7_9.ppc64.rpm expat-debuginfo-2.1.0-14.el7_9.ppc.rpm expat-debuginfo-2.1.0-14.el7_9.ppc64.rpm expat-devel-2.1.0-14.el7_9.ppc.rpm expat-devel-2.1.0-14.el7_9.ppc64.rpm ppc64le: expat-2.1.0-14.el7_9.ppc64le.rpm expat-debuginfo-2.1.0-14.el7_9.ppc64le.rpm expat-devel-2.1.0-14.el7_9.ppc64le.rpm s390x: expat-2.1.0-14.el7_9.s390.rpm expat-2.1.0-14.el7_9.s390x.rpm expat-debuginfo-2.1.0-14.el7_9.s390.rpm expat-debuginfo-2.1.0-14.el7_9.s390x.rpm expat-devel-2.1.0-14.el7_9.s390.rpm expat-devel-2.1.0-14.el7_9.s390x.rpm x86_64: expat-2.1.0-14.el7_9.i686.rpm expat-2.1.0-14.el7_9.x86_64.rpm expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm expat-devel-2.1.0-14.el7_9.i686.rpm expat-devel-2.1.0-14.el7_9.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: expat-debuginfo-2.1.0-14.el7_9.ppc.rpm expat-debuginfo-2.1.0-14.el7_9.ppc64.rpm expat-static-2.1.0-14.el7_9.ppc.rpm expat-static-2.1.0-14.el7_9.ppc64.rpm ppc64le: expat-debuginfo-2.1.0-14.el7_9.ppc64le.rpm expat-static-2.1.0-14.el7_9.ppc64le.rpm s390x: expat-debuginfo-2.1.0-14.el7_9.s390.rpm expat-debuginfo-2.1.0-14.el7_9.s390x.rpm expat-static-2.1.0-14.el7_9.s390.rpm expat-static-2.1.0-14.el7_9.s390x.rpm x86_64: expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm expat-static-2.1.0-14.el7_9.i686.rpm expat-static-2.1.0-14.el7_9.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: expat-2.1.0-14.el7_9.src.rpm x86_64: expat-2.1.0-14.el7_9.i686.rpm expat-2.1.0-14.el7_9.x86_64.rpm expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm expat-devel-2.1.0-14.el7_9.i686.rpm expat-devel-2.1.0-14.el7_9.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm expat-static-2.1.0-14.el7_9.i686.rpm expat-static-2.1.0-14.el7_9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-45960 https://access.redhat.com/security/cve/CVE-2021-46143 https://access.redhat.com/security/cve/CVE-2022-22822 https://access.redhat.com/security/cve/CVE-2022-22823 https://access.redhat.com/security/cve/CVE-2022-22824 https://access.redhat.com/security/cve/CVE-2022-22825 https://access.redhat.com/security/cve/CVE-2022-22826 https://access.redhat.com/security/cve/CVE-2022-22827 https://access.redhat.com/security/cve/CVE-2022-23852 https://access.redhat.com/security/cve/CVE-2022-25235 https://access.redhat.com/security/cve/CVE-2022-25236 https://access.redhat.com/security/cve/CVE-2022-25315 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYkHUz9zjgjWX9erEAQjleA//dK8XzyiK0FY595G0f3CKvLMTMTPEEqf7 3nIHiGzC/lD2o6Y/4ed1iRpndjGVndXyu03AnOFob9P3zqQKBOKiWYcnFNuANAyh WAVTDyjglJ5PvLQe31QHDT1N5KlzN/hskhhyIBgZ+mWq90amXHIX1Xgsy6x72lLD jJF5usHqz4EbIoOn8m0jjDibJFjOOFh2a3qxFnVuMA5+PrcsfnpdVa32I8EMH/sW TODqkz3XLSaaJNWzePOPwZshkriapmU9DqkWdiEVOgJDx0MAn3S5q5MUkHJWRM29 3ZFqQncDQYYYXp8J3AcdX2VXCok0vfIQLWWIvsoGvcpl94lhYsztBGZJttjiVNkV kPX6Wv/W2mMklW7tf0OQOo2Xyh0ZOwB5kfJq7+7SMXzh67M2ifT1Gq7RTAMUProX 3QDm9vVxI7oEBh7HcNychxTaeTwpA2HnGMkUxh0ZX4NkwaOMn0UEBCbxQNXBlPUe 0Qe6srsMV5GSBPk9LoCxpLy+cMc5mya7x1kNS/NZ1CKtqczj4/Oef21I2wqmG/xU 7s9H4o/29X9KhQrOL/sAkqRg2s0yz80Wz1opvXcTgkLj8kzOSN9bQF3ravXXCrUd oqM0cN5PPP/iTqkXs/Dc6HX/iRer15vJ3e4aNu7ZN8+l88mM2BBEmUaDt2ZOHPJb Fq9o8PxEr0c=KN+u -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
Vulnerabilities are sorted by update time (recent to old).
ID Description Published Updated
jvndb-2024-000028 Multiple vulnerabilities in SKYSEA Client View 2024-03-07T16:09+09:00 2024-07-29T18:13+09:00
jvndb-2024-004595 Multiple vulnerabilities in FutureNet NXR series, VXR series and WXR series 2024-07-29T17:51+09:00 2024-07-29T17:51+09:00
jvndb-2024-000076 SDoP contains a stack-based buffer overflow vulnerability. 2024-07-29T17:24+09:00 2024-07-29T17:24+09:00
jvndb-2024-003242 OMRON NJ/NX series vulnerable to insufficient verification of data authenticity 2024-05-28T12:28+09:00 2024-07-26T16:27+09:00
jvndb-2021-000105 PowerCMS XMLRPC API vulnerable to OS command injection 2021-11-24T15:47+09:00 2024-07-26T15:22+09:00
jvndb-2024-000075 ORC vulnerable to stack-based buffer overflow 2024-07-26T13:55+09:00 2024-07-26T13:55+09:00
jvndb-2022-000030 Multiple vulnerabilities in Operation management interface of FUJITSU Network IPCOM 2022-05-09T15:02+09:00 2024-07-18T16:30+09:00
jvndb-2024-000073 Assimp vulnerable to heap-based buffer overflow 2024-07-18T13:44+09:00 2024-07-18T13:44+09:00
jvndb-2024-000072 Cybozu Garoon vulnerable to cross-site scripting 2024-07-16T16:14+09:00 2024-07-16T16:14+09:00
jvndb-2024-000071 FUJITSU Network Edgiot GW1500 vulnerable to path traversal 2024-07-16T14:41+09:00 2024-07-16T14:41+09:00
jvndb-2023-007150 Multiple vulnerabilities in First Corporation's DVRs 2023-11-17T17:31+09:00 2024-07-11T17:05+09:00
jvndb-2023-000094 Multiple vulnerabilities in WordPress plugin "Welcart e-Commerce" 2023-09-22T13:51+09:00 2024-07-11T16:49+09:00
jvndb-2024-000007 Multiple Dahua Technology products vulnerable to authentication bypass 2024-01-18T13:43+09:00 2024-07-11T16:10+09:00
jvndb-2024-001882 Sharp NEC Display Solutions' public displays vulnerable to local file inclusion 2024-02-07T14:25+09:00 2024-07-11T14:27+09:00
jvndb-2024-000070 Out-of-bounds write vulnerability in Ricoh MFPs and printers 2024-07-10T14:16+09:00 2024-07-10T14:16+09:00
jvndb-2024-000059 Multiple vulnerabilities in multiple Webmin products 2024-07-09T14:27+09:00 2024-07-09T14:27+09:00
jvndb-2024-000069 Cleartext transmission issue in TONE store App to TONE store 2024-07-08T13:43+09:00 2024-07-08T13:43+09:00
jvndb-2024-000068 JP1/Extensible SNMP Agent fails to restrict access permissions 2024-07-03T14:57+09:00 2024-07-03T14:57+09:00
jvndb-2017-000194 WSR-300HP vulnerable to arbitrary code execution 2017-08-08T18:07+09:00 2024-07-02T17:55+09:00
jvndb-2024-003831 Multiple TP-Link products vulnerable to OS command injection 2024-06-28T17:38+09:00 2024-06-28T17:38+09:00
jvndb-2024-000067 "Piccoma" App uses a hard-coded API key for an external service 2024-06-28T13:18+09:00 2024-06-28T13:18+09:00
jvndb-2016-002299 SaAT Netizen fails to properly verify downloaded installation and update files 2016-12-05T13:52+09:00 2024-06-27T13:59+09:00
jvndb-2022-000080 Android App "IIJ SmartKey" vulnerable to information disclosure 2022-10-14T13:57+09:00 2024-06-27T13:40+09:00
jvndb-2023-001774 Multiple vulnerabilities in SolarView Compact 2023-05-09T16:09+09:00 2024-06-27T13:30+09:00
jvndb-2024-000017 Cybozu KUNAI for Android vulnerable to denial-of-service (DoS) 2024-02-06T13:25+09:00 2024-06-27T13:28+09:00
jvndb-2024-000066 WordPress plugins "WP Tweet Walls" and "Sola Testimonials" vulnerable to cross-site request forgery 2024-06-26T14:25+09:00 2024-06-26T14:25+09:00
jvndb-2022-000026 WordPress Plugin "MicroPayments - Paid Author Subscriptions, Content, Downloads, Membership" vulnerable to cross-site request forgery 2022-04-15T13:15+09:00 2024-06-25T18:04+09:00
jvndb-2024-003699 LINE client for iOS vulnerable to universal cross-site scripting 2024-06-24T11:05+09:00 2024-06-24T11:05+09:00
jvndb-2022-001372 Trend Micro Antivirus for MAC vulnerable to privilege escalation 2022-02-18T14:55+09:00 2024-06-21T18:04+09:00
jvndb-2022-001381 Multiple vulnerabilities in Trend Micro ServerProtect 2022-03-03T14:42+09:00 2024-06-21T17:58+09:00