Action not permitted
Modal body text goes here.
cve-2018-5407
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | N/A | Processors supporting Simultaneous Multi-Threading |
Version: N/A |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T05:33:44.232Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2019:0483", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:0483" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20181126-0001/" }, { "name": "USN-3840-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3840-1/" }, { "name": "DSA-4355", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4355" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.tenable.com/security/tns-2018-17" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/" }, { "name": "GLSA-201903-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201903-10" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.tenable.com/security/tns-2018-16" }, { "name": "45785", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/45785/" }, { "name": "[debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/bbbrumley/portsmash" }, { "name": "DSA-4348", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4348" }, { "name": "105897", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105897" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://eprint.iacr.org/2018/1060.pdf" }, { "name": "RHSA-2019:0651", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:0651" }, { "name": "RHSA-2019:0652", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:0652" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "name": "RHSA-2019:2125", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2125" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.f5.com/csp/article/K49711130?utm_source=f5support\u0026amp%3Butm_medium=RSS" }, { "name": "RHSA-2019:3929", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:3929" }, { "name": "RHSA-2019:3933", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:3933" }, { "name": "RHSA-2019:3931", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:3931" }, { "name": "RHSA-2019:3935", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:3935" }, { "name": "RHSA-2019:3932", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:3932" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Processors supporting Simultaneous Multi-Threading", "vendor": "N/A", "versions": [ { "status": "affected", "version": "N/A" } ] } ], "datePublic": "2018-11-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on \u0027port contention\u0027." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-04-15T21:06:46", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "name": "RHSA-2019:0483", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:0483" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20181126-0001/" }, { "name": "USN-3840-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3840-1/" }, { "name": "DSA-4355", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4355" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.tenable.com/security/tns-2018-17" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/" }, { "name": "GLSA-201903-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201903-10" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.tenable.com/security/tns-2018-16" }, { "name": "45785", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/45785/" }, { "name": "[debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/bbbrumley/portsmash" }, { "name": "DSA-4348", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4348" }, { "name": "105897", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105897" }, { "tags": [ "x_refsource_MISC" ], "url": "https://eprint.iacr.org/2018/1060.pdf" }, { "name": "RHSA-2019:0651", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:0651" }, { "name": "RHSA-2019:0652", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:0652" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "name": "RHSA-2019:2125", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2125" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.f5.com/csp/article/K49711130?utm_source=f5support\u0026amp%3Butm_medium=RSS" }, { "name": "RHSA-2019:3929", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:3929" }, { "name": "RHSA-2019:3933", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:3933" }, { "name": "RHSA-2019:3931", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:3931" }, { "name": "RHSA-2019:3935", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:3935" }, { "name": "RHSA-2019:3932", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:3932" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2018-5407", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Processors supporting Simultaneous Multi-Threading", "version": { "version_data": [ { "version_value": "N/A" } ] } } ] }, "vendor_name": "N/A" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on \u0027port contention\u0027." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-200" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2019:0483", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:0483" }, { "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "refsource": "CONFIRM", "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { "name": "https://security.netapp.com/advisory/ntap-20181126-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20181126-0001/" }, { "name": "USN-3840-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3840-1/" }, { "name": "DSA-4355", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4355" }, { "name": "https://www.tenable.com/security/tns-2018-17", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/tns-2018-17" }, { "name": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", "refsource": "CONFIRM", "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/" }, { "name": "GLSA-201903-10", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201903-10" }, { "name": "https://www.tenable.com/security/tns-2018-16", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/tns-2018-16" }, { "name": "45785", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/45785/" }, { "name": "[debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html" }, { "name": "https://github.com/bbbrumley/portsmash", "refsource": "MISC", "url": "https://github.com/bbbrumley/portsmash" }, { "name": "DSA-4348", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4348" }, { "name": "105897", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105897" }, { "name": "https://eprint.iacr.org/2018/1060.pdf", "refsource": "MISC", "url": "https://eprint.iacr.org/2018/1060.pdf" }, { "name": "RHSA-2019:0651", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:0651" }, { "name": "RHSA-2019:0652", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:0652" }, { "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "name": "RHSA-2019:2125", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2125" }, { "name": "https://support.f5.com/csp/article/K49711130?utm_source=f5support\u0026amp;utm_medium=RSS", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K49711130?utm_source=f5support\u0026amp;utm_medium=RSS" }, { "name": "RHSA-2019:3929", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3929" }, { "name": "RHSA-2019:3933", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3933" }, { "name": "RHSA-2019:3931", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3931" }, { "name": "RHSA-2019:3935", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3935" }, { "name": "RHSA-2019:3932", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3932" }, { "name": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2018-5407", "datePublished": "2018-11-15T21:00:00", "dateReserved": "2018-01-12T00:00:00", "dateUpdated": "2024-08-05T05:33:44.232Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2018-5407\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2018-11-15T21:29:00.233\",\"lastModified\":\"2024-11-21T04:08:45.530\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on \u0027port contention\u0027.\"},{\"lang\":\"es\",\"value\":\"SMT (Simultaneous Multi-threading) en los procesadores puede habilitar que usuarios locales exploten software vulnerable a ataques de sincronizaci\u00f3n mediante un ataques de sincronizaci\u00f3n de canal lateral en la \\\"contenci\u00f3n de puertos\\\".\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":4.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.0,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":1.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.4,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cret@cert.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-203\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B5A6F2F3-4894-4392-8296-3B8DD2679084\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07C312A0-CD2C-4B9C-B064-6409B25C278F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.14.4\",\"matchCriteriaId\":\"4F608F84-5A94-4DC1-A7B8-E19028F96A40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndExcluding\":\"8.11.4\",\"matchCriteriaId\":\"468A9D35-95E1-473B-A5D3-9BD78818F599\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndExcluding\":\"10.9.0\",\"matchCriteriaId\":\"48A01678-361E-4F23-B7D6-41B0C145F491\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0.2\",\"versionEndExcluding\":\"1.0.2q\",\"matchCriteriaId\":\"0DF92E05-808F-4D22-BD55-3571BF46889F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.1.0\",\"versionEndExcluding\":\"1.1.0i\",\"matchCriteriaId\":\"B64CB987-8B48-4B65-BC6A-B39F1F69F4B7\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.1.1\",\"matchCriteriaId\":\"0BB469FA-ECF9-42D8-8CF0-7C8B426FD7B2\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5553591-073B-45E3-999F-21B8BA2EEE22\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:application_server:0.9.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD941CDF-8486-43F7-9D98-2B8785B1B139\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:application_server:1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDE18990-1FC9-4624-971B-2E87BF0871AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:application_server:1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17C29F2D-CBE6-4E22-98AE-787E939ED161\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98F3E643-4B65-4668-BB11-C61ED54D5A53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"459B4A5F-A6BD-4A1C-B6B7-C979F005EB70\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CDCE0E90-495E-4437-8529-3C36441FB69D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql_enterprise_backup:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.12.3\",\"matchCriteriaId\":\"D2049488-5CE2-4C56-8B0E-BA7C499A7372\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql_enterprise_backup:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.12.4\",\"versionEndIncluding\":\"4.1.2\",\"matchCriteriaId\":\"81B25011-AEFA-453D-AF1E-5945AB625767\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45CB30A1-B2C9-4BF5-B510-1F2F18B60C64\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0A735B4-4F3C-416B-8C08-9CB21BAD2889\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E1E416B-920B-49A0-9523-382898C2979D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.7\",\"versionEndIncluding\":\"17.12\",\"matchCriteriaId\":\"7A1E1023-2EB9-4334-9B74-CA71480F71C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:8.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"84BF6794-2CE6-407F-B8E0-81871AB7B40B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93A4E178-0082-45C5-BBC0-0A4E51C8B1DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F021C23-AB9B-4877-833F-D01359A98762\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F8ED016-32A1-42EE-844E-3E6B2C116B74\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A046CC2C-445F-4336-8810-930570B4FEC6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0745445C-EC43-4091-BA7C-5105AFCC6F1F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:tuxedo:12.1.1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92A6A7BA-CCE6-426F-8434-7A578A245180\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.0.0\",\"matchCriteriaId\":\"B52550D1-38F6-4AAC-BE68-487F7D6DB2D8\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33C068A4-3780-4EAB-A937-6082DF847564\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51EF4996-72F4-4FA4-814F-F5991E7A8318\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E92F9B3-3841-4C05-88F0-CEB0735EA4BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B353CE99-D57C-465B-AAB0-73EF581127D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF77CDCF-B9C9-427D-B2BF-36650FB2148C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B76AA310-FEC7-497F-AF04-C3EC1E76C4CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/105897\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0483\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0651\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0652\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2125\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3929\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3931\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3932\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3933\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3935\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://eprint.iacr.org/2018/1060.pdf\",\"source\":\"cret@cert.org\",\"tags\":[\"Technical Description\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/bbbrumley/portsmash\",\"source\":\"cret@cert.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201903-10\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20181126-0001/\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.f5.com/csp/article/K49711130?utm_source=f5support\u0026amp%3Butm_medium=RSS\",\"source\":\"cret@cert.org\"},{\"url\":\"https://usn.ubuntu.com/3840-1/\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4348\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4355\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/45785/\",\"source\":\"cret@cert.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2020.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2018-16\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2018-17\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/105897\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0483\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0651\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0652\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2125\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3929\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3931\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3932\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3933\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3935\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://eprint.iacr.org/2018/1060.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Technical Description\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/bbbrumley/portsmash\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201903-10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20181126-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.f5.com/csp/article/K49711130?utm_source=f5support\u0026amp%3Butm_medium=RSS\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/3840-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4348\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4355\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/45785/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2018-16\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2018-17\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}" } }
rhsa-2019_3932
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated packages that provide Red Hat JBoss Core Services Pack Apache Server 2.4.37 and fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering.\n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys (CVE-2018-0737) * openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734) * mod_auth_digest: access control bypass due to race condition (CVE-2019-0217) * openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407) * mod_session_cookie does not respect expiry time (CVE-2018-17199) * mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189) * mod_http2: possible crash on late upgrade (CVE-2019-0197) * mod_http2: read-after-free on a string compare (CVE-2019-0196) * nghttp2: HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511) * nghttp2: HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513) * mod_http2: HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516) * mod_http2: HTTP/2: request for large response leads to denial of service (CVE-2019-9517)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2019:3932", "url": "https://access.redhat.com/errata/RHSA-2019:3932" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1568253", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1568253" }, { "category": "external", "summary": "1644364", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1644364" }, { "category": "external", "summary": "1645695", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695" }, { "category": "external", "summary": "1668493", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668493" }, { "category": "external", "summary": "1668497", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668497" }, { "category": "external", "summary": "1695020", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695020" }, { "category": "external", "summary": "1695030", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695030" }, { "category": "external", "summary": "1695042", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695042" }, { "category": "external", "summary": "1735741", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735741" }, { "category": "external", "summary": "1741860", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741860" }, { "category": "external", "summary": "1741864", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741864" }, { "category": "external", "summary": "1741868", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741868" }, { "category": "external", "summary": "JBCS-798", "url": "https://issues.redhat.com/browse/JBCS-798" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_3932.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 6", "tracking": { "current_release_date": "2024-11-22T12:47:13+00:00", "generator": { "date": "2024-11-22T12:47:13+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2019:3932", "initial_release_date": "2019-11-20T16:22:09+00:00", "revision_history": [ { "date": "2019-11-20T16:22:09+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-01-06T13:05:52+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T12:47:13+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Core Services on RHEL 6 Server", "product": { "name": "Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_core_services:1::el6" } } } ], "category": "product_family", "name": "Red Hat JBoss Core Services" }, { "branches": [ { "category": "product_version", "name": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686", "product_id": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-jansson@2.11-20.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686", "product_id": "jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-jansson-devel@2.11-20.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686", "product_id": "jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-jansson-debuginfo@2.11-20.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686", "product_id": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-63.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686", "product_id": "jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-devel@1.6.3-63.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686", "product_id": "jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-debuginfo@1.6.3-63.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686", "product_id": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.1.1-25.jbcs.el6?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686", "product_id": "jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.1.1-25.jbcs.el6?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686", "product_id": "jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.1.1-25.jbcs.el6?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686", "product_id": "jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.1.1-25.jbcs.el6?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686", "product_id": "jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.1.1-25.jbcs.el6?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686", "product_id": "jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.1.1-25.jbcs.el6?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686", "product_id": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-48.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686", "product_id": "jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-devel@1.6.1-48.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686", "product_id": "jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-ldap@1.6.1-48.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686", "product_id": "jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-mysql@1.6.1-48.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686", "product_id": "jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-nss@1.6.1-48.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686", "product_id": "jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-odbc@1.6.1-48.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686", "product_id": "jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-openssl@1.6.1-48.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686", "product_id": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-pgsql@1.6.1-48.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686", "product_id": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-sqlite@1.6.1-48.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686", "product_id": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-debuginfo@1.6.1-48.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686", "product_id": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-brotli@1.0.6-7.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686", "product_id": "jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-brotli-devel@1.0.6-7.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686", "product_id": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-brotli-debuginfo@1.0.6-7.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686", "product_id": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.39.2-4.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686", "product_id": "jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-devel@1.39.2-4.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686", "product_id": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-debuginfo@1.39.2-4.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686", "product_id": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-curl@7.64.1-14.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686", "product_id": "jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl@7.64.1-14.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686", "product_id": "jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl-devel@7.64.1-14.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686", "product_id": "jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-curl-debuginfo@7.64.1-14.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686", "product_id": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.37-33.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686", "product_id": "jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.37-33.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686", "product_id": "jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.37-33.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686", "product_id": "jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.37-33.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686", "product_id": "jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.37-33.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686", "product_id": "jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md@2.4.37-33.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686", "product_id": "jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.37-33.jbcs.el6?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686", "product_id": "jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.37-33.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686", "product_id": "jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.37-33.jbcs.el6?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686", "product_id": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.37-33.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "product_id": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.12-9.Final_redhat_2.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "product_id": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native-debuginfo@1.3.12-9.Final_redhat_2.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686", "product_id": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24@1.2.46-22.redhat_1.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686", "product_id": "jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-manual@1.2.46-22.redhat_1.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686", "product_id": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-debuginfo@1.2.46-22.redhat_1.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686", "product_id": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.2-16.GA.jbcs.el6?arch=i686" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686", "product": { "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686", "product_id": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security-debuginfo@2.9.2-16.GA.jbcs.el6?arch=i686" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-jansson@2.11-20.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-jansson-devel@2.11-20.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-jansson-debuginfo@2.11-20.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-63.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-devel@1.6.3-63.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-debuginfo@1.6.3-63.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.1.1-25.jbcs.el6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.1.1-25.jbcs.el6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.1.1-25.jbcs.el6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.1.1-25.jbcs.el6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.1.1-25.jbcs.el6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.1.1-25.jbcs.el6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-48.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-devel@1.6.1-48.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-ldap@1.6.1-48.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-mysql@1.6.1-48.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-nss@1.6.1-48.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-odbc@1.6.1-48.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-openssl@1.6.1-48.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-pgsql@1.6.1-48.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-sqlite@1.6.1-48.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-debuginfo@1.6.1-48.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-brotli@1.0.6-7.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-brotli-devel@1.0.6-7.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-brotli-debuginfo@1.0.6-7.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.39.2-4.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-devel@1.39.2-4.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-debuginfo@1.39.2-4.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-curl@7.64.1-14.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl@7.64.1-14.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl-devel@7.64.1-14.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-curl-debuginfo@7.64.1-14.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.37-33.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.37-33.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.37-33.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.37-33.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.37-33.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md@2.4.37-33.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.37-33.jbcs.el6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.37-33.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.37-33.jbcs.el6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.37-33.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.12-9.Final_redhat_2.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native-debuginfo@1.3.12-9.Final_redhat_2.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24@1.2.46-22.redhat_1.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-manual@1.2.46-22.redhat_1.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-debuginfo@1.2.46-22.redhat_1.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.2-16.GA.jbcs.el6?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64", "product": { "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64", "product_id": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security-debuginfo@2.9.2-16.GA.jbcs.el6?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src", "product": { "name": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src", "product_id": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-jansson@2.11-20.jbcs.el6?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src", "product": { "name": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src", "product_id": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-63.jbcs.el6?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src", "product": { "name": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src", "product_id": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.1.1-25.jbcs.el6?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src", "product": { "name": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src", "product_id": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-48.jbcs.el6?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src", "product": { "name": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src", "product_id": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-brotli@1.0.6-7.jbcs.el6?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src", "product": { "name": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src", "product_id": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.39.2-4.jbcs.el6?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src", "product": { "name": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src", "product_id": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-curl@7.64.1-14.jbcs.el6?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src", "product": { "name": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src", "product_id": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.37-33.jbcs.el6?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src", "product": { "name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src", "product_id": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.12-9.Final_redhat_2.jbcs.el6?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src", "product": { "name": "jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src", "product_id": "jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk@1.2.46-22.redhat_1.jbcs.el6?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src", "product": { "name": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src", "product_id": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.2-16.GA.jbcs.el6?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch", "product": { "name": "jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch", "product_id": "jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-manual@2.4.37-33.jbcs.el6?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src" }, "product_reference": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src" }, "product_reference": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src" }, "product_reference": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src" }, "product_reference": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src" }, "product_reference": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch" }, "product_reference": "jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src" }, "product_reference": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src" }, "product_reference": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src" }, "product_reference": "jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src" }, "product_reference": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src" }, "product_reference": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src" }, "product_reference": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686" }, "product_reference": "jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686", "relates_to_product_reference": "6Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server", "product_id": "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64" }, "product_reference": "jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64", "relates_to_product_reference": "6Server-JBCS" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-0734", "cwe": { "id": "CWE-385", "name": "Covert Timing Channel" }, "discovery_date": "2018-10-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1644364" } ], "notes": [ { "category": "description", "text": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: timing side channel attack in the DSA signature algorithm", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-0734" }, { "category": "external", "summary": "RHBZ#1644364", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1644364" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-0734", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0734" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-0734", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0734" } ], "release_date": "2018-10-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-11-20T16:22:09+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3932" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "openssl: timing side channel attack in the DSA signature algorithm" }, { "cve": "CVE-2018-0737", "cwe": { "id": "CWE-385", "name": "Covert Timing Channel" }, "discovery_date": "2018-04-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1568253" } ], "notes": [ { "category": "description", "text": "OpenSSL RSA key generation was found to be vulnerable to cache side-channel attacks. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover parts of the private key.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-0737" }, { "category": "external", "summary": "RHBZ#1568253", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1568253" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-0737", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0737" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-0737", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0737" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2018/04/16/3", "url": "http://www.openwall.com/lists/oss-security/2018/04/16/3" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20180416.txt", "url": "https://www.openssl.org/news/secadv/20180416.txt" } ], "release_date": "2018-04-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-11-20T16:22:09+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3932" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys" }, { "acknowledgments": [ { "names": [ "Alejandro Cabrera Aldaya" ], "organization": "Universidad Tecnologica de la Habana CUJAE; Cuba" }, { "names": [ "Billy Bob Brumley", "Cesar Pereida Garcia", "Sohaib ul Hassan" ] }, { "names": [ "Nicola Tuveri" ], "organization": "Tampere University of Technology; Finland" } ], "cve": "CVE-2018-5407", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2018-11-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1645695" } ], "notes": [ { "category": "description", "text": "A microprocessor side-channel vulnerability was found on SMT (e.g, Hyper-Threading) architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)", "title": "Vulnerability summary" }, { "category": "other", "text": "This is a timing side-channel flaw on processors which implement SMT/Hyper-Threading architectures. It can result in leakage of secret data in applications such as OpenSSL that has secret dependent control flow at any granularity level. In order to exploit this flaw, the attacker needs to run a malicious process on the same core of the processor as the victim process.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-5407" }, { "category": "external", "summary": "RHBZ#1645695", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-5407", "url": "https://www.cve.org/CVERecord?id=CVE-2018-5407" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407" }, { "category": "external", "summary": "https://github.com/bbbrumley/portsmash", "url": "https://github.com/bbbrumley/portsmash" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20181112.txt", "url": "https://www.openssl.org/news/secadv/20181112.txt" } ], "release_date": "2018-10-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-11-20T16:22:09+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3932" }, { "category": "workaround", "details": "At this time Red Hat Engineering is working on patches for openssl package in Red Hat Enterprise Linux 7 to address this issue. Until fixes are available, users are advised to review the guidance supplied in the L1 Terminal Fault vulnerability article: https://access.redhat.com/security/vulnerabilities/L1TF and decide what their exposure across shared CPU threads are and act accordingly.", "product_ids": [ "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)" }, { "cve": "CVE-2018-17189", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2019-01-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1668497" } ], "notes": [ { "category": "description", "text": "In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_http2: DoS via slow, unneeded request bodies", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-17189" }, { "category": "external", "summary": "RHBZ#1668497", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668497" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-17189", "url": "https://www.cve.org/CVERecord?id=CVE-2018-17189" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-17189", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17189" } ], "release_date": "2019-01-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-11-20T16:22:09+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3932" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "httpd: mod_http2: DoS via slow, unneeded request bodies" }, { "cve": "CVE-2018-17199", "cwe": { "id": "CWE-613", "name": "Insufficient Session Expiration" }, "discovery_date": "2019-01-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1668493" } ], "notes": [ { "category": "description", "text": "In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_session_cookie does not respect expiry time", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-17199" }, { "category": "external", "summary": "RHBZ#1668493", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668493" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-17199", "url": "https://www.cve.org/CVERecord?id=CVE-2018-17199" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-17199", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17199" } ], "release_date": "2019-01-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-11-20T16:22:09+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3932" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: mod_session_cookie does not respect expiry time" }, { "cve": "CVE-2019-0196", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2019-04-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1695030" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_http2: read-after-free on a string compare", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-0196" }, { "category": "external", "summary": "RHBZ#1695030", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695030" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-0196", "url": "https://www.cve.org/CVERecord?id=CVE-2019-0196" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0196", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0196" }, { "category": "external", "summary": "http://www.apache.org/dist/httpd/CHANGES_2.4", "url": "http://www.apache.org/dist/httpd/CHANGES_2.4" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2019-04-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-11-20T16:22:09+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3932" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "httpd: mod_http2: read-after-free on a string compare" }, { "cve": "CVE-2019-0197", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2019-04-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1695042" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set \"H2Upgrade on\" are unaffected by this issue.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_http2: possible crash on late upgrade", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-0197" }, { "category": "external", "summary": "RHBZ#1695042", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695042" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-0197", "url": "https://www.cve.org/CVERecord?id=CVE-2019-0197" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0197", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0197" }, { "category": "external", "summary": "http://www.apache.org/dist/httpd/CHANGES_2.4", "url": "http://www.apache.org/dist/httpd/CHANGES_2.4" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2019-02-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-11-20T16:22:09+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3932" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.0" }, "products": [ "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "httpd: mod_http2: possible crash on late upgrade" }, { "cve": "CVE-2019-0217", "cwe": { "id": "CWE-284", "name": "Improper Access Control" }, "discovery_date": "2019-04-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1695020" } ], "notes": [ { "category": "description", "text": "A race condition was found in mod_auth_digest when the web server was running in a threaded MPM configuration. It could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_auth_digest: access control bypass due to race condition", "title": "Vulnerability summary" }, { "category": "other", "text": "Based on the the fact that digest authentication is rarely used in modern day web applications and httpd package shipped with Red Hat products do not ship threaded MPM configuration by default, this flaw has been rated as having Moderate level security impact. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This flaw has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-0217" }, { "category": "external", "summary": "RHBZ#1695020", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695020" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-0217", "url": "https://www.cve.org/CVERecord?id=CVE-2019-0217" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0217", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0217" }, { "category": "external", "summary": "http://www.apache.org/dist/httpd/CHANGES_2.4", "url": "http://www.apache.org/dist/httpd/CHANGES_2.4" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2019-04-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-11-20T16:22:09+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3932" }, { "category": "workaround", "details": "This flaw only affects a threaded server configuration, so using the prefork MPM is an effective mitigation. In versions of httpd package shipped with Red Hat Enterprise Linux 7, the prefork MPM is the default configuration.", "product_ids": [ "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" }, "products": [ "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: mod_auth_digest: access control bypass due to race condition" }, { "cve": "CVE-2019-9511", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2019-08-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1741860" } ], "notes": [ { "category": "description", "text": "A flaw was found in HTTP/2. An attacker can request a large amount of data by manipulating window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this queue can consume excess CPU, memory, or both, leading to a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "HTTP/2: large amount of data requests leads to denial of service", "title": "Vulnerability summary" }, { "category": "other", "text": "There are no mitigations available for nghttp2 and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-9511" }, { "category": "external", "summary": "RHBZ#1741860", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741860" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-9511", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9511" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9511", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9511" }, { "category": "external", "summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md" }, { "category": "external", "summary": "https://kb.cert.org/vuls/id/605641/", "url": "https://kb.cert.org/vuls/id/605641/" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/" }, { "category": "external", "summary": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/", "url": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/" } ], "release_date": "2019-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-11-20T16:22:09+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3932" }, { "category": "workaround", "details": "Red Hat Quay 3.0 uses Nginx 1.12 from Red Hat Software Collections. It will be updated once a fixed is released for Software Collections. In the meantime users of Quay can disable http/2 support in Nginx by following these instructions:\n\n1. Copy the Nginx configuration from the quay container to the host\n$ docker cp 3aadf1421ba3:/quay-registry/conf/nginx/ /mnt/quay/nginx\n\n2. Edit the Nginx configuration, removing http/2 support\n$ sed -i \u0027s/http2 //g\u0027 /mnt/quay/nginx/nginx.conf\n\n3. Restart Nginx with the new configuration mounted into the container, eg:\n$ docker run --restart=always -p 443:8443 -p 80:8080 --sysctl net.core.somaxconn=4096 -v /mnt/quay/config:/conf/stack:Z -v /mnt/quay/storage:/datastorage -v /mnt/quay/nginx:/quay-registry/config/nginx:Z -d quay.io/redhat/quay:v3.0.3", "product_ids": [ "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "HTTP/2: large amount of data requests leads to denial of service" }, { "acknowledgments": [ { "names": [ "the Envoy security team" ] } ], "cve": "CVE-2019-9513", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2019-08-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1735741" } ], "notes": [ { "category": "description", "text": "A flaw was found in HTTP/2. An attacker, using PRIORITY frames to flood the system, could cause excessive CPU usage and starvation of other clients. The largest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "HTTP/2: flood using PRIORITY frames results in excessive resource consumption", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw has no available mitigation for packages nghttp2 and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-9513" }, { "category": "external", "summary": "RHBZ#1735741", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735741" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-9513", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9513" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9513", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9513" }, { "category": "external", "summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md" }, { "category": "external", "summary": "https://nghttp2.org/blog/2019/08/19/nghttp2-v1-39-2/", "url": "https://nghttp2.org/blog/2019/08/19/nghttp2-v1-39-2/" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/" }, { "category": "external", "summary": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/", "url": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/" } ], "release_date": "2019-08-13T17:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-11-20T16:22:09+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3932" }, { "category": "workaround", "details": "Red Hat Quay 3.0 uses Nginx 1.12 from Red Hat Software Collections. It will be updated once a fixed is released for Software Collections. In the meantime users of Quay can disable http/2 support in Nginx by following these instructions:\n\n1. Copy the Nginx configuration from the quay container to the host\n$ docker cp 3aadf1421ba3:/quay-registry/conf/nginx/ /mnt/quay/nginx\n\n2. Edit the Nginx configuration, removing http/2 support\n$ sed -i \u0027s/http2 //g\u0027 /mnt/quay/nginx/nginx.conf\n\n3. Restart Nginx with the new configuration mounted into the container, eg:\n$ docker run --restart=always -p 443:8443 -p 80:8080 --sysctl net.core.somaxconn=4096 -v /mnt/quay/config:/conf/stack:Z -v /mnt/quay/storage:/datastorage -v /mnt/quay/nginx:/quay-registry/config/nginx:Z -d quay.io/redhat/quay:v3.0.3", "product_ids": [ "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "HTTP/2: flood using PRIORITY frames results in excessive resource consumption" }, { "cve": "CVE-2019-9516", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2019-08-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1741864" } ], "notes": [ { "category": "description", "text": "A flaw was found in HTTP/2. An attacker, sending a stream of header with a 0-length header name and a 0-length header value, could cause some implementations to allocate memory for these headers and keep the allocations alive until the session dies. The can consume excess memory, potentially leading to a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "HTTP/2: 0-length headers lead to denial of service", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw has no available mitigation for nodejs package. It will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-9516" }, { "category": "external", "summary": "RHBZ#1741864", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741864" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-9516", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9516" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9516", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9516" }, { "category": "external", "summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md" }, { "category": "external", "summary": "https://github.com/nghttp2/nghttp2/issues/1382#", "url": "https://github.com/nghttp2/nghttp2/issues/1382#" }, { "category": "external", "summary": "https://kb.cert.org/vuls/id/605641/", "url": "https://kb.cert.org/vuls/id/605641/" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/" }, { "category": "external", "summary": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/", "url": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/" } ], "release_date": "2019-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-11-20T16:22:09+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3932" }, { "category": "workaround", "details": "Red Hat Quay 3.0 uses Nginx 1.12 from Red Hat Software Collections. It will be updated once a fixed is released for Software Collections. In the meantime users of Quay can disable http/2 support in Nginx by following these instructions:\n\n1. Copy the Nginx configuration from the quay container to the host\n$ docker cp 3aadf1421ba3:/quay-registry/conf/nginx/ /mnt/quay/nginx\n\n2. Edit the Nginx configuration, removing http/2 support\n$ sed -i \u0027s/http2 //g\u0027 /mnt/quay/nginx/nginx.conf\n\n3. Restart Nginx with the new configuration mounted into the container, eg:\n$ docker run --restart=always -p 443:8443 -p 80:8080 --sysctl net.core.somaxconn=4096 -v /mnt/quay/config:/conf/stack:Z -v /mnt/quay/storage:/datastorage -v /mnt/quay/nginx:/quay-registry/config/nginx:Z -d quay.io/redhat/quay:v3.0.3", "product_ids": [ "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "HTTP/2: 0-length headers lead to denial of service" }, { "cve": "CVE-2019-9517", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2019-08-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1741868" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in HTTP/2. An attacker can open a HTTP/2 window so the peer can send without constraint. The TCP window remains closed so the peer cannot write the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the server\u0027s queue is setup, the responses can consume excess memory, CPU, or both, potentially leading to a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "HTTP/2: request for large response leads to denial of service", "title": "Vulnerability summary" }, { "category": "other", "text": "The package httpd versions as shipped with Red Hat Enterprise Linux 5, 6 and 7 are not affected by this issue as HTTP/2 support is not provided.\nThis flaw has no available mitigation for nodejs package. It will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-9517" }, { "category": "external", "summary": "RHBZ#1741868", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741868" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-9517", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9517" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9517", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9517" }, { "category": "external", "summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md" }, { "category": "external", "summary": "https://kb.cert.org/vuls/id/605641/", "url": "https://kb.cert.org/vuls/id/605641/" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/" } ], "release_date": "2019-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-11-20T16:22:09+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3932" }, { "category": "workaround", "details": "The httpd version shipped with Red Hat Enterprise Linux 8 provides HTTP/2 support through mod_http2 package. While mod_http2 package is not updated, users can disable HTTP/2 support as mitigation action by executing the following steps:\n\n1. Stop httpd service:\n$ systemctl stop httpd\n\n2. Remove http/2 protocol support from configuration files:\n$ sed -i \u0027s/\\(h2\\)\\|\\(h2c\\)//g\u0027 \u003chttpd_config_file\u003e\n\n3. Validate configuration files to make sure all syntax is valid:\n$ apachectl configtest\n\n4. Restart httpd service:\n$ systemctl start httpd", "product_ids": [ "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el6.noarch", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.src", "6Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el6.x86_64", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.i686", "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "HTTP/2: request for large response leads to denial of service" } ] }
rhsa-2019_3935
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat JBoss Core Services Pack Apache Server 2.4.37 zip release\nfor RHEL 6, RHEL 7 and Microsoft Windows is available.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.\n\nThis release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering.\n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys (CVE-2018-0737) * openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734) * mod_auth_digest: access control bypass due to race condition (CVE-2019-0217) * openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407) * mod_session_cookie does not respect expiry time (CVE-2018-17199) * mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189) * mod_http2: possible crash on late upgrade (CVE-2019-0197) * mod_http2: read-after-free on a string compare (CVE-2019-0196) * nghttp2: HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511) * nghttp2: HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513) * mod_http2: HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516) * mod_http2: HTTP/2: request for large response leads to denial of service (CVE-2019-9517)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2019:3935", "url": "https://access.redhat.com/errata/RHSA-2019:3935" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1568253", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1568253" }, { "category": "external", "summary": "1644364", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1644364" }, { "category": "external", "summary": "1645695", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695" }, { "category": "external", "summary": "1668493", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668493" }, { "category": "external", "summary": "1668497", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668497" }, { "category": "external", "summary": "1695020", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695020" }, { "category": "external", "summary": "1695030", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695030" }, { "category": "external", "summary": "1695042", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695042" }, { "category": "external", "summary": "1735741", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735741" }, { "category": "external", "summary": "1741860", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741860" }, { "category": "external", "summary": "1741864", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741864" }, { "category": "external", "summary": "1741868", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741868" }, { "category": "external", "summary": "JBCS-798", "url": "https://issues.redhat.com/browse/JBCS-798" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_3935.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release", "tracking": { "current_release_date": "2024-11-22T12:47:02+00:00", "generator": { "date": "2024-11-22T12:47:02+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2019:3935", "initial_release_date": "2019-11-20T16:08:18+00:00", "revision_history": [ { "date": "2019-11-20T16:08:18+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-01-06T13:01:52+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T12:47:02+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Core Services 1", "product": { "name": "Red Hat JBoss Core Services 1", "product_id": "Red Hat JBoss Core Services 1", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_core_services:1" } } } ], "category": "product_family", "name": "Red Hat JBoss Core Services" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-0734", "cwe": { "id": "CWE-385", "name": "Covert Timing Channel" }, "discovery_date": "2018-10-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1644364" } ], "notes": [ { "category": "description", "text": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: timing side channel attack in the DSA signature algorithm", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-0734" }, { "category": "external", "summary": "RHBZ#1644364", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1644364" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-0734", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0734" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-0734", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0734" } ], "release_date": "2018-10-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-11-20T16:08:18+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3935" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "openssl: timing side channel attack in the DSA signature algorithm" }, { "cve": "CVE-2018-0737", "cwe": { "id": "CWE-385", "name": "Covert Timing Channel" }, "discovery_date": "2018-04-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1568253" } ], "notes": [ { "category": "description", "text": "OpenSSL RSA key generation was found to be vulnerable to cache side-channel attacks. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover parts of the private key.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-0737" }, { "category": "external", "summary": "RHBZ#1568253", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1568253" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-0737", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0737" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-0737", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0737" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2018/04/16/3", "url": "http://www.openwall.com/lists/oss-security/2018/04/16/3" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20180416.txt", "url": "https://www.openssl.org/news/secadv/20180416.txt" } ], "release_date": "2018-04-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-11-20T16:08:18+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3935" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys" }, { "acknowledgments": [ { "names": [ "Alejandro Cabrera Aldaya" ], "organization": "Universidad Tecnologica de la Habana CUJAE; Cuba" }, { "names": [ "Billy Bob Brumley", "Cesar Pereida Garcia", "Sohaib ul Hassan" ] }, { "names": [ "Nicola Tuveri" ], "organization": "Tampere University of Technology; Finland" } ], "cve": "CVE-2018-5407", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2018-11-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1645695" } ], "notes": [ { "category": "description", "text": "A microprocessor side-channel vulnerability was found on SMT (e.g, Hyper-Threading) architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)", "title": "Vulnerability summary" }, { "category": "other", "text": "This is a timing side-channel flaw on processors which implement SMT/Hyper-Threading architectures. It can result in leakage of secret data in applications such as OpenSSL that has secret dependent control flow at any granularity level. In order to exploit this flaw, the attacker needs to run a malicious process on the same core of the processor as the victim process.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-5407" }, { "category": "external", "summary": "RHBZ#1645695", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-5407", "url": "https://www.cve.org/CVERecord?id=CVE-2018-5407" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407" }, { "category": "external", "summary": "https://github.com/bbbrumley/portsmash", "url": "https://github.com/bbbrumley/portsmash" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20181112.txt", "url": "https://www.openssl.org/news/secadv/20181112.txt" } ], "release_date": "2018-10-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-11-20T16:08:18+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3935" }, { "category": "workaround", "details": "At this time Red Hat Engineering is working on patches for openssl package in Red Hat Enterprise Linux 7 to address this issue. Until fixes are available, users are advised to review the guidance supplied in the L1 Terminal Fault vulnerability article: https://access.redhat.com/security/vulnerabilities/L1TF and decide what their exposure across shared CPU threads are and act accordingly.", "product_ids": [ "Red Hat JBoss Core Services 1" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)" }, { "cve": "CVE-2018-17189", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2019-01-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1668497" } ], "notes": [ { "category": "description", "text": "In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_http2: DoS via slow, unneeded request bodies", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-17189" }, { "category": "external", "summary": "RHBZ#1668497", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668497" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-17189", "url": "https://www.cve.org/CVERecord?id=CVE-2018-17189" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-17189", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17189" } ], "release_date": "2019-01-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-11-20T16:08:18+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3935" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "httpd: mod_http2: DoS via slow, unneeded request bodies" }, { "cve": "CVE-2018-17199", "cwe": { "id": "CWE-613", "name": "Insufficient Session Expiration" }, "discovery_date": "2019-01-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1668493" } ], "notes": [ { "category": "description", "text": "In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_session_cookie does not respect expiry time", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-17199" }, { "category": "external", "summary": "RHBZ#1668493", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668493" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-17199", "url": "https://www.cve.org/CVERecord?id=CVE-2018-17199" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-17199", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17199" } ], "release_date": "2019-01-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-11-20T16:08:18+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3935" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: mod_session_cookie does not respect expiry time" }, { "cve": "CVE-2019-0196", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2019-04-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1695030" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_http2: read-after-free on a string compare", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-0196" }, { "category": "external", "summary": "RHBZ#1695030", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695030" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-0196", "url": "https://www.cve.org/CVERecord?id=CVE-2019-0196" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0196", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0196" }, { "category": "external", "summary": "http://www.apache.org/dist/httpd/CHANGES_2.4", "url": "http://www.apache.org/dist/httpd/CHANGES_2.4" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2019-04-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-11-20T16:08:18+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3935" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "httpd: mod_http2: read-after-free on a string compare" }, { "cve": "CVE-2019-0197", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2019-04-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1695042" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set \"H2Upgrade on\" are unaffected by this issue.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_http2: possible crash on late upgrade", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-0197" }, { "category": "external", "summary": "RHBZ#1695042", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695042" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-0197", "url": "https://www.cve.org/CVERecord?id=CVE-2019-0197" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0197", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0197" }, { "category": "external", "summary": "http://www.apache.org/dist/httpd/CHANGES_2.4", "url": "http://www.apache.org/dist/httpd/CHANGES_2.4" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2019-02-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-11-20T16:08:18+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3935" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.0" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "httpd: mod_http2: possible crash on late upgrade" }, { "cve": "CVE-2019-0217", "cwe": { "id": "CWE-284", "name": "Improper Access Control" }, "discovery_date": "2019-04-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1695020" } ], "notes": [ { "category": "description", "text": "A race condition was found in mod_auth_digest when the web server was running in a threaded MPM configuration. It could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_auth_digest: access control bypass due to race condition", "title": "Vulnerability summary" }, { "category": "other", "text": "Based on the the fact that digest authentication is rarely used in modern day web applications and httpd package shipped with Red Hat products do not ship threaded MPM configuration by default, this flaw has been rated as having Moderate level security impact. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This flaw has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-0217" }, { "category": "external", "summary": "RHBZ#1695020", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695020" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-0217", "url": "https://www.cve.org/CVERecord?id=CVE-2019-0217" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0217", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0217" }, { "category": "external", "summary": "http://www.apache.org/dist/httpd/CHANGES_2.4", "url": "http://www.apache.org/dist/httpd/CHANGES_2.4" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2019-04-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-11-20T16:08:18+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3935" }, { "category": "workaround", "details": "This flaw only affects a threaded server configuration, so using the prefork MPM is an effective mitigation. In versions of httpd package shipped with Red Hat Enterprise Linux 7, the prefork MPM is the default configuration.", "product_ids": [ "Red Hat JBoss Core Services 1" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: mod_auth_digest: access control bypass due to race condition" }, { "cve": "CVE-2019-9511", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2019-08-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1741860" } ], "notes": [ { "category": "description", "text": "A flaw was found in HTTP/2. An attacker can request a large amount of data by manipulating window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this queue can consume excess CPU, memory, or both, leading to a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "HTTP/2: large amount of data requests leads to denial of service", "title": "Vulnerability summary" }, { "category": "other", "text": "There are no mitigations available for nghttp2 and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-9511" }, { "category": "external", "summary": "RHBZ#1741860", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741860" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-9511", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9511" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9511", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9511" }, { "category": "external", "summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md" }, { "category": "external", "summary": "https://kb.cert.org/vuls/id/605641/", "url": "https://kb.cert.org/vuls/id/605641/" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/" }, { "category": "external", "summary": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/", "url": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/" } ], "release_date": "2019-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-11-20T16:08:18+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3935" }, { "category": "workaround", "details": "Red Hat Quay 3.0 uses Nginx 1.12 from Red Hat Software Collections. It will be updated once a fixed is released for Software Collections. In the meantime users of Quay can disable http/2 support in Nginx by following these instructions:\n\n1. Copy the Nginx configuration from the quay container to the host\n$ docker cp 3aadf1421ba3:/quay-registry/conf/nginx/ /mnt/quay/nginx\n\n2. Edit the Nginx configuration, removing http/2 support\n$ sed -i \u0027s/http2 //g\u0027 /mnt/quay/nginx/nginx.conf\n\n3. Restart Nginx with the new configuration mounted into the container, eg:\n$ docker run --restart=always -p 443:8443 -p 80:8080 --sysctl net.core.somaxconn=4096 -v /mnt/quay/config:/conf/stack:Z -v /mnt/quay/storage:/datastorage -v /mnt/quay/nginx:/quay-registry/config/nginx:Z -d quay.io/redhat/quay:v3.0.3", "product_ids": [ "Red Hat JBoss Core Services 1" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "HTTP/2: large amount of data requests leads to denial of service" }, { "acknowledgments": [ { "names": [ "the Envoy security team" ] } ], "cve": "CVE-2019-9513", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2019-08-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1735741" } ], "notes": [ { "category": "description", "text": "A flaw was found in HTTP/2. An attacker, using PRIORITY frames to flood the system, could cause excessive CPU usage and starvation of other clients. The largest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "HTTP/2: flood using PRIORITY frames results in excessive resource consumption", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw has no available mitigation for packages nghttp2 and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-9513" }, { "category": "external", "summary": "RHBZ#1735741", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735741" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-9513", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9513" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9513", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9513" }, { "category": "external", "summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md" }, { "category": "external", "summary": "https://nghttp2.org/blog/2019/08/19/nghttp2-v1-39-2/", "url": "https://nghttp2.org/blog/2019/08/19/nghttp2-v1-39-2/" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/" }, { "category": "external", "summary": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/", "url": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/" } ], "release_date": "2019-08-13T17:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-11-20T16:08:18+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3935" }, { "category": "workaround", "details": "Red Hat Quay 3.0 uses Nginx 1.12 from Red Hat Software Collections. It will be updated once a fixed is released for Software Collections. In the meantime users of Quay can disable http/2 support in Nginx by following these instructions:\n\n1. Copy the Nginx configuration from the quay container to the host\n$ docker cp 3aadf1421ba3:/quay-registry/conf/nginx/ /mnt/quay/nginx\n\n2. Edit the Nginx configuration, removing http/2 support\n$ sed -i \u0027s/http2 //g\u0027 /mnt/quay/nginx/nginx.conf\n\n3. Restart Nginx with the new configuration mounted into the container, eg:\n$ docker run --restart=always -p 443:8443 -p 80:8080 --sysctl net.core.somaxconn=4096 -v /mnt/quay/config:/conf/stack:Z -v /mnt/quay/storage:/datastorage -v /mnt/quay/nginx:/quay-registry/config/nginx:Z -d quay.io/redhat/quay:v3.0.3", "product_ids": [ "Red Hat JBoss Core Services 1" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "HTTP/2: flood using PRIORITY frames results in excessive resource consumption" }, { "cve": "CVE-2019-9516", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2019-08-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1741864" } ], "notes": [ { "category": "description", "text": "A flaw was found in HTTP/2. An attacker, sending a stream of header with a 0-length header name and a 0-length header value, could cause some implementations to allocate memory for these headers and keep the allocations alive until the session dies. The can consume excess memory, potentially leading to a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "HTTP/2: 0-length headers lead to denial of service", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw has no available mitigation for nodejs package. It will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-9516" }, { "category": "external", "summary": "RHBZ#1741864", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741864" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-9516", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9516" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9516", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9516" }, { "category": "external", "summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md" }, { "category": "external", "summary": "https://github.com/nghttp2/nghttp2/issues/1382#", "url": "https://github.com/nghttp2/nghttp2/issues/1382#" }, { "category": "external", "summary": "https://kb.cert.org/vuls/id/605641/", "url": "https://kb.cert.org/vuls/id/605641/" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/" }, { "category": "external", "summary": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/", "url": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/" } ], "release_date": "2019-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-11-20T16:08:18+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3935" }, { "category": "workaround", "details": "Red Hat Quay 3.0 uses Nginx 1.12 from Red Hat Software Collections. It will be updated once a fixed is released for Software Collections. In the meantime users of Quay can disable http/2 support in Nginx by following these instructions:\n\n1. Copy the Nginx configuration from the quay container to the host\n$ docker cp 3aadf1421ba3:/quay-registry/conf/nginx/ /mnt/quay/nginx\n\n2. Edit the Nginx configuration, removing http/2 support\n$ sed -i \u0027s/http2 //g\u0027 /mnt/quay/nginx/nginx.conf\n\n3. Restart Nginx with the new configuration mounted into the container, eg:\n$ docker run --restart=always -p 443:8443 -p 80:8080 --sysctl net.core.somaxconn=4096 -v /mnt/quay/config:/conf/stack:Z -v /mnt/quay/storage:/datastorage -v /mnt/quay/nginx:/quay-registry/config/nginx:Z -d quay.io/redhat/quay:v3.0.3", "product_ids": [ "Red Hat JBoss Core Services 1" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "HTTP/2: 0-length headers lead to denial of service" }, { "cve": "CVE-2019-9517", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2019-08-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1741868" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in HTTP/2. An attacker can open a HTTP/2 window so the peer can send without constraint. The TCP window remains closed so the peer cannot write the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the server\u0027s queue is setup, the responses can consume excess memory, CPU, or both, potentially leading to a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "HTTP/2: request for large response leads to denial of service", "title": "Vulnerability summary" }, { "category": "other", "text": "The package httpd versions as shipped with Red Hat Enterprise Linux 5, 6 and 7 are not affected by this issue as HTTP/2 support is not provided.\nThis flaw has no available mitigation for nodejs package. It will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Core Services 1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-9517" }, { "category": "external", "summary": "RHBZ#1741868", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741868" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-9517", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9517" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9517", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9517" }, { "category": "external", "summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md" }, { "category": "external", "summary": "https://kb.cert.org/vuls/id/605641/", "url": "https://kb.cert.org/vuls/id/605641/" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/" } ], "release_date": "2019-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-11-20T16:08:18+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Core Services 1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3935" }, { "category": "workaround", "details": "The httpd version shipped with Red Hat Enterprise Linux 8 provides HTTP/2 support through mod_http2 package. While mod_http2 package is not updated, users can disable HTTP/2 support as mitigation action by executing the following steps:\n\n1. Stop httpd service:\n$ systemctl stop httpd\n\n2. Remove http/2 protocol support from configuration files:\n$ sed -i \u0027s/\\(h2\\)\\|\\(h2c\\)//g\u0027 \u003chttpd_config_file\u003e\n\n3. Validate configuration files to make sure all syntax is valid:\n$ apachectl configtest\n\n4. Restart httpd service:\n$ systemctl start httpd", "product_ids": [ "Red Hat JBoss Core Services 1" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "Red Hat JBoss Core Services 1" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "HTTP/2: request for large response leads to denial of service" } ] }
rhsa-2019_3929
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated Red Hat JBoss Web Server 5.2.0 packages are now available for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, and Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 5.2 serves as a replacement for Red Hat JBoss Web Server 5.1, and includes bug fixes, enhancements, and component upgrades, which are documented in the Release Notes, linked to in the References.\n\nSecurity Fix(es):\n\n* openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407)\n\n* openssl: 0-byte record padding oracle (CVE-2019-1559)\n\n* tomcat: HTTP/2 connection window exhaustion on write, incomplete fix of CVE-2019-0199 (CVE-2019-10072)\n\n* tomcat: XSS in SSI printenv (CVE-2019-0221)\n\n* tomcat: Apache Tomcat HTTP/2 DoS (CVE-2019-0199)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2019:3929", "url": "https://access.redhat.com/errata/RHSA-2019:3929" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/5.2/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/5.2/" }, { "category": "external", "summary": "1645695", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695" }, { "category": "external", "summary": "1683804", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1683804" }, { "category": "external", "summary": "1693325", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1693325" }, { "category": "external", "summary": "1713275", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1713275" }, { "category": "external", "summary": "1723708", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1723708" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_3929.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Web Server 5.2 security release", "tracking": { "current_release_date": "2024-11-22T13:26:19+00:00", "generator": { "date": "2024-11-22T13:26:19+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2019:3929", "initial_release_date": "2019-11-20T16:08:26+00:00", "revision_history": [ { "date": "2019-11-20T16:08:26+00:00", "number": "1", "summary": "Initial version" }, { "date": "2019-12-02T16:26:41+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T13:26:19+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Web Server 5.2 for RHEL 7 Server", "product": { "name": "Red Hat JBoss Web Server 5.2 for RHEL 7 Server", "product_id": "7Server-JWS-5.2", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2::el7" } } }, { "category": "product_name", "name": "Red Hat JBoss Web Server 5.2 for RHEL 6 Server", "product": { "name": "Red Hat JBoss Web Server 5.2 for RHEL 6 Server", "product_id": "6Server-JWS-5.2", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2::el6" } } }, { "category": "product_name", "name": "Red Hat JBoss Web Server 5.2 for RHEL 8", "product": { "name": "Red Hat JBoss Web Server 5.2 for RHEL 8", "product_id": "8Base-JWS-5.2", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2::el8" } } } ], "category": "product_family", "name": "Red Hat JBoss Web Server" }, { "branches": [ { "category": "product_version", "name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src", "product": { "name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src", "product_id": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-jboss-logging@3.3.2-1.Final_redhat_00001.1.el7jws?arch=src" } } }, { "category": "product_version", "name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src", "product": { "name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src", "product_id": "jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-javapackages-tools@3.4.1-5.15.11.el7jws?arch=src" } } }, { "category": "product_version", "name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src", "product": { "name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src", "product_id": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-mod_cluster@1.4.1-1.Final_redhat_00001.2.el7jws?arch=src" } } }, { "category": "product_version", "name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src", "product": { "name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src", "product_id": "jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-ecj@4.12.0-1.redhat_1.1.el7jws?arch=src" } } }, { "category": "product_version", "name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src", "product": { "name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src", "product_id": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-tomcat-vault@1.1.8-1.Final_redhat_1.1.el7jws?arch=src" } } }, { "category": "product_version", "name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src", "product": { "name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src", "product_id": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.21-34.redhat_34.el7jws?arch=src" } } }, { "category": "product_version", "name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src", "product": { "name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src", "product_id": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-tomcat@9.0.21-10.redhat_4.1.el7jws?arch=src" } } }, { "category": "product_version", "name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src", "product": { "name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src", "product_id": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-jboss-logging@3.3.2-1.Final_redhat_00001.1.el6jws?arch=src" } } }, { "category": "product_version", "name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src", "product": { "name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src", "product_id": "jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-javapackages-tools@3.4.1-5.15.11.el6jws?arch=src" } } }, { "category": "product_version", "name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src", "product": { "name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src", "product_id": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-mod_cluster@1.4.1-1.Final_redhat_00001.2.el6jws?arch=src" } } }, { "category": "product_version", "name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src", "product": { "name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src", "product_id": "jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-ecj@4.12.0-1.redhat_1.1.el6jws?arch=src" } } }, { "category": "product_version", "name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src", "product": { "name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src", "product_id": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-tomcat-vault@1.1.8-1.Final_redhat_1.1.el6jws?arch=src" } } }, { "category": "product_version", "name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src", "product": { "name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src", "product_id": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.21-34.redhat_34.el6jws?arch=src" } } }, { "category": "product_version", "name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src", "product": { "name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src", "product_id": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-tomcat@9.0.21-10.redhat_4.1.el6jws?arch=src" } } }, { "category": "product_version", "name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src", "product": { "name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src", "product_id": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-jboss-logging@3.3.2-1.Final_redhat_00001.1.el8jws?arch=src" } } }, { "category": "product_version", "name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src", "product": { "name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src", "product_id": "jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-javapackages-tools@3.4.1-5.15.11.el8jws?arch=src" } } }, { "category": "product_version", "name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src", "product": { "name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src", "product_id": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-mod_cluster@1.4.1-1.Final_redhat_00001.2.el8jws?arch=src" } } }, { "category": "product_version", "name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src", "product": { "name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src", "product_id": "jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-ecj@4.12.0-1.redhat_1.1.el8jws?arch=src" } } }, { "category": "product_version", "name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src", "product": { "name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src", "product_id": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-tomcat-vault@1.1.8-1.Final_redhat_1.1.el8jws?arch=src" } } }, { "category": "product_version", "name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src", "product": { "name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src", "product_id": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.21-34.redhat_34.el8jws?arch=src" } } }, { "category": "product_version", "name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src", "product": { "name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src", "product_id": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-tomcat@9.0.21-10.redhat_4.1.el8jws?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch", "product": { "name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch", "product_id": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-jboss-logging@3.3.2-1.Final_redhat_00001.1.el7jws?arch=noarch" } } }, { "category": "product_version", "name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch", "product": { "name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch", "product_id": "jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-javapackages-tools@3.4.1-5.15.11.el7jws?arch=noarch" } } }, { "category": "product_version", "name": "jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch", "product": { "name": "jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch", "product_id": "jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-python-javapackages@3.4.1-5.15.11.el7jws?arch=noarch" } } }, { "category": "product_version", "name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch", "product": { "name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch", "product_id": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-mod_cluster@1.4.1-1.Final_redhat_00001.2.el7jws?arch=noarch" } } }, { "category": "product_version", "name": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch", "product": { "name": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch", "product_id": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-mod_cluster-tomcat@1.4.1-1.Final_redhat_00001.2.el7jws?arch=noarch" } } }, { "category": "product_version", "name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch", "product": { "name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch", "product_id": "jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-ecj@4.12.0-1.redhat_1.1.el7jws?arch=noarch" } } }, { "category": "product_version", "name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch", "product": { "name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch", "product_id": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-tomcat-vault@1.1.8-1.Final_redhat_1.1.el7jws?arch=noarch" } } }, { "category": "product_version", "name": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch", "product": { "name": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch", "product_id": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-tomcat-vault-javadoc@1.1.8-1.Final_redhat_1.1.el7jws?arch=noarch" } } }, { "category": "product_version", "name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch", "product": { "name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch", "product_id": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-tomcat@9.0.21-10.redhat_4.1.el7jws?arch=noarch" } } }, { "category": "product_version", "name": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch", "product": { "name": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch", "product_id": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-tomcat-admin-webapps@9.0.21-10.redhat_4.1.el7jws?arch=noarch" } } }, { "category": "product_version", "name": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch", "product": { "name": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch", "product_id": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-tomcat-docs-webapp@9.0.21-10.redhat_4.1.el7jws?arch=noarch" } } }, { "category": "product_version", "name": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "product": { "name": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "product_id": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-tomcat-el-3.0-api@9.0.21-10.redhat_4.1.el7jws?arch=noarch" } } }, { "category": "product_version", "name": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch", "product": { "name": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch", "product_id": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-tomcat-javadoc@9.0.21-10.redhat_4.1.el7jws?arch=noarch" } } }, { "category": "product_version", "name": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "product": { "name": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "product_id": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-tomcat-jsp-2.3-api@9.0.21-10.redhat_4.1.el7jws?arch=noarch" } } }, { "category": "product_version", "name": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch", "product": { "name": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch", "product_id": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-tomcat-lib@9.0.21-10.redhat_4.1.el7jws?arch=noarch" } } }, { "category": "product_version", "name": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch", "product": { "name": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch", "product_id": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-tomcat-selinux@9.0.21-10.redhat_4.1.el7jws?arch=noarch" } } }, { "category": "product_version", "name": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "product": { "name": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "product_id": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-tomcat-servlet-4.0-api@9.0.21-10.redhat_4.1.el7jws?arch=noarch" } } }, { "category": "product_version", "name": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch", "product": { "name": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch", "product_id": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-tomcat-webapps@9.0.21-10.redhat_4.1.el7jws?arch=noarch" } } }, { "category": "product_version", "name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch", "product": { "name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch", "product_id": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-jboss-logging@3.3.2-1.Final_redhat_00001.1.el6jws?arch=noarch" } } }, { "category": "product_version", "name": "jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch", "product": { "name": "jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch", "product_id": "jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-python-javapackages@3.4.1-5.15.11.el6jws?arch=noarch" } } }, { "category": "product_version", "name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch", "product": { "name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch", "product_id": "jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-javapackages-tools@3.4.1-5.15.11.el6jws?arch=noarch" } } }, { "category": "product_version", "name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch", "product": { "name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch", "product_id": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-mod_cluster@1.4.1-1.Final_redhat_00001.2.el6jws?arch=noarch" } } }, { "category": "product_version", "name": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch", "product": { "name": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch", "product_id": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-mod_cluster-tomcat@1.4.1-1.Final_redhat_00001.2.el6jws?arch=noarch" } } }, { "category": "product_version", "name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch", "product": { "name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch", "product_id": "jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-ecj@4.12.0-1.redhat_1.1.el6jws?arch=noarch" } } }, { "category": "product_version", "name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch", "product": { "name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch", "product_id": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-tomcat-vault@1.1.8-1.Final_redhat_1.1.el6jws?arch=noarch" } } }, { "category": "product_version", "name": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch", "product": { "name": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch", "product_id": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-tomcat-vault-javadoc@1.1.8-1.Final_redhat_1.1.el6jws?arch=noarch" } } }, { "category": "product_version", "name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch", "product": { "name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch", "product_id": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-tomcat@9.0.21-10.redhat_4.1.el6jws?arch=noarch" } } }, { "category": "product_version", "name": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch", "product": { "name": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch", "product_id": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-tomcat-admin-webapps@9.0.21-10.redhat_4.1.el6jws?arch=noarch" } } }, { "category": "product_version", "name": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch", "product": { "name": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch", "product_id": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-tomcat-docs-webapp@9.0.21-10.redhat_4.1.el6jws?arch=noarch" } } }, { "category": "product_version", "name": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "product": { "name": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "product_id": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-tomcat-el-3.0-api@9.0.21-10.redhat_4.1.el6jws?arch=noarch" } } }, { "category": "product_version", "name": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch", "product": { "name": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch", "product_id": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-tomcat-javadoc@9.0.21-10.redhat_4.1.el6jws?arch=noarch" } } }, { "category": "product_version", "name": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "product": { "name": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "product_id": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-tomcat-jsp-2.3-api@9.0.21-10.redhat_4.1.el6jws?arch=noarch" } } }, { "category": "product_version", "name": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch", "product": { "name": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch", "product_id": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-tomcat-lib@9.0.21-10.redhat_4.1.el6jws?arch=noarch" } } }, { "category": "product_version", "name": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch", "product": { "name": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch", "product_id": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-tomcat-selinux@9.0.21-10.redhat_4.1.el6jws?arch=noarch" } } }, { "category": "product_version", "name": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "product": { "name": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "product_id": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-tomcat-servlet-4.0-api@9.0.21-10.redhat_4.1.el6jws?arch=noarch" } } }, { "category": "product_version", "name": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch", "product": { "name": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch", "product_id": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-tomcat-webapps@9.0.21-10.redhat_4.1.el6jws?arch=noarch" } } }, { "category": "product_version", "name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch", "product": { "name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch", "product_id": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-jboss-logging@3.3.2-1.Final_redhat_00001.1.el8jws?arch=noarch" } } }, { "category": "product_version", "name": "jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch", "product": { "name": "jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch", "product_id": "jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-python-javapackages@3.4.1-5.15.11.el8jws?arch=noarch" } } }, { "category": "product_version", "name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch", "product": { "name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch", "product_id": "jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-javapackages-tools@3.4.1-5.15.11.el8jws?arch=noarch" } } }, { "category": "product_version", "name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch", "product": { "name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch", "product_id": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-mod_cluster@1.4.1-1.Final_redhat_00001.2.el8jws?arch=noarch" } } }, { "category": "product_version", "name": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch", "product": { "name": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch", "product_id": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-mod_cluster-tomcat@1.4.1-1.Final_redhat_00001.2.el8jws?arch=noarch" } } }, { "category": "product_version", "name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch", "product": { "name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch", "product_id": "jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-ecj@4.12.0-1.redhat_1.1.el8jws?arch=noarch" } } }, { "category": "product_version", "name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch", "product": { "name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch", "product_id": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-tomcat-vault@1.1.8-1.Final_redhat_1.1.el8jws?arch=noarch" } } }, { "category": "product_version", "name": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch", "product": { "name": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch", "product_id": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-tomcat-vault-javadoc@1.1.8-1.Final_redhat_1.1.el8jws?arch=noarch" } } }, { "category": "product_version", "name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch", "product": { "name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch", "product_id": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-tomcat@9.0.21-10.redhat_4.1.el8jws?arch=noarch" } } }, { "category": "product_version", "name": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch", "product": { "name": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch", "product_id": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-tomcat-admin-webapps@9.0.21-10.redhat_4.1.el8jws?arch=noarch" } } }, { "category": "product_version", "name": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch", "product": { "name": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch", "product_id": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-tomcat-docs-webapp@9.0.21-10.redhat_4.1.el8jws?arch=noarch" } } }, { "category": "product_version", "name": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "product": { "name": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "product_id": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-tomcat-el-3.0-api@9.0.21-10.redhat_4.1.el8jws?arch=noarch" } } }, { "category": "product_version", "name": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch", "product": { "name": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch", "product_id": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-tomcat-javadoc@9.0.21-10.redhat_4.1.el8jws?arch=noarch" } } }, { "category": "product_version", "name": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "product": { "name": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "product_id": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-tomcat-jsp-2.3-api@9.0.21-10.redhat_4.1.el8jws?arch=noarch" } } }, { "category": "product_version", "name": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch", "product": { "name": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch", "product_id": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-tomcat-lib@9.0.21-10.redhat_4.1.el8jws?arch=noarch" } } }, { "category": "product_version", "name": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch", "product": { "name": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch", "product_id": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-tomcat-selinux@9.0.21-10.redhat_4.1.el8jws?arch=noarch" } } }, { "category": "product_version", "name": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "product": { "name": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "product_id": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-tomcat-servlet-4.0-api@9.0.21-10.redhat_4.1.el8jws?arch=noarch" } } }, { "category": "product_version", "name": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch", "product": { "name": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch", "product_id": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-tomcat-webapps@9.0.21-10.redhat_4.1.el8jws?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64", "product": { "name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64", "product_id": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.21-34.redhat_34.el7jws?arch=x86_64" } } }, { "category": "product_version", "name": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64", "product": { "name": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64", "product_id": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-tomcat-native-debuginfo@1.2.21-34.redhat_34.el7jws?arch=x86_64" } } }, { "category": "product_version", "name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64", "product": { "name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64", "product_id": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.21-34.redhat_34.el6jws?arch=x86_64" } } }, { "category": "product_version", "name": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64", "product": { "name": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64", "product_id": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-tomcat-native-debuginfo@1.2.21-34.redhat_34.el6jws?arch=x86_64" } } }, { "category": "product_version", "name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64", "product": { "name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64", "product_id": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.21-34.redhat_34.el8jws?arch=x86_64" } } }, { "category": "product_version", "name": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64", "product": { "name": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64", "product_id": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-tomcat-native-debuginfo@1.2.21-34.redhat_34.el8jws?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686", "product": { "name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686", "product_id": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-tomcat-native@1.2.21-34.redhat_34.el6jws?arch=i686" } } }, { "category": "product_version", "name": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686", "product": { "name": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686", "product_id": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/jws5-tomcat-native-debuginfo@1.2.21-34.redhat_34.el6jws?arch=i686" } } } ], "category": "architecture", "name": "i686" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server", "product_id": "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch" }, "product_reference": "jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch", "relates_to_product_reference": "6Server-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server", "product_id": "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src" }, "product_reference": "jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src", "relates_to_product_reference": "6Server-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server", "product_id": "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch" }, "product_reference": "jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch", "relates_to_product_reference": "6Server-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server", "product_id": "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src" }, "product_reference": "jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src", "relates_to_product_reference": "6Server-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server", "product_id": "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch" }, "product_reference": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch", "relates_to_product_reference": "6Server-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server", "product_id": "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src" }, "product_reference": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src", "relates_to_product_reference": "6Server-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server", "product_id": "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch" }, "product_reference": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch", "relates_to_product_reference": "6Server-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server", "product_id": "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src" }, "product_reference": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src", "relates_to_product_reference": "6Server-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server", "product_id": "6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch" }, "product_reference": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch", "relates_to_product_reference": "6Server-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server", "product_id": "6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch" }, "product_reference": "jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch", "relates_to_product_reference": "6Server-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server", "product_id": "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch" }, "product_reference": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch", "relates_to_product_reference": "6Server-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server", "product_id": "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src" }, "product_reference": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src", "relates_to_product_reference": "6Server-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server", "product_id": "6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch" }, "product_reference": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch", "relates_to_product_reference": "6Server-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server", "product_id": "6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch" }, "product_reference": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch", "relates_to_product_reference": "6Server-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server", "product_id": "6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch" }, "product_reference": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "relates_to_product_reference": "6Server-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server", "product_id": "6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch" }, "product_reference": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch", "relates_to_product_reference": "6Server-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server", "product_id": "6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch" }, "product_reference": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "relates_to_product_reference": "6Server-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server", "product_id": "6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch" }, "product_reference": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch", "relates_to_product_reference": "6Server-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686 as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server", "product_id": "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686" }, "product_reference": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686", "relates_to_product_reference": "6Server-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server", "product_id": "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src" }, "product_reference": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src", "relates_to_product_reference": "6Server-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64 as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server", "product_id": "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64" }, "product_reference": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64", "relates_to_product_reference": "6Server-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686 as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server", "product_id": "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686" }, "product_reference": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686", "relates_to_product_reference": "6Server-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64 as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server", "product_id": "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64" }, "product_reference": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64", "relates_to_product_reference": "6Server-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server", "product_id": "6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch" }, "product_reference": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch", "relates_to_product_reference": "6Server-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server", "product_id": "6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch" }, "product_reference": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "relates_to_product_reference": "6Server-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server", "product_id": "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch" }, "product_reference": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch", "relates_to_product_reference": "6Server-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server", "product_id": "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src" }, "product_reference": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src", "relates_to_product_reference": "6Server-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server", "product_id": "6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch" }, "product_reference": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch", "relates_to_product_reference": "6Server-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 6 Server", "product_id": "6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch" }, "product_reference": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch", "relates_to_product_reference": "6Server-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server", "product_id": "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch" }, "product_reference": "jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch", "relates_to_product_reference": "7Server-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server", "product_id": "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src" }, "product_reference": "jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src", "relates_to_product_reference": "7Server-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server", "product_id": "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch" }, "product_reference": "jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch", "relates_to_product_reference": "7Server-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server", "product_id": "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src" }, "product_reference": "jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src", "relates_to_product_reference": "7Server-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server", "product_id": "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch" }, "product_reference": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch", "relates_to_product_reference": "7Server-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server", "product_id": "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src" }, "product_reference": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src", "relates_to_product_reference": "7Server-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server", "product_id": "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch" }, "product_reference": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch", "relates_to_product_reference": "7Server-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server", "product_id": "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src" }, "product_reference": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src", "relates_to_product_reference": "7Server-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server", "product_id": "7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch" }, "product_reference": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch", "relates_to_product_reference": "7Server-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server", "product_id": "7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch" }, "product_reference": "jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch", "relates_to_product_reference": "7Server-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server", "product_id": "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch" }, "product_reference": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch", "relates_to_product_reference": "7Server-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server", "product_id": "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src" }, "product_reference": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src", "relates_to_product_reference": "7Server-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server", "product_id": "7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch" }, "product_reference": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch", "relates_to_product_reference": "7Server-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server", "product_id": "7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch" }, "product_reference": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch", "relates_to_product_reference": "7Server-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server", "product_id": "7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch" }, "product_reference": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "relates_to_product_reference": "7Server-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server", "product_id": "7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch" }, "product_reference": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch", "relates_to_product_reference": "7Server-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server", "product_id": "7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch" }, "product_reference": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "relates_to_product_reference": "7Server-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server", "product_id": "7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch" }, "product_reference": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch", "relates_to_product_reference": "7Server-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server", "product_id": "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src" }, "product_reference": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src", "relates_to_product_reference": "7Server-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64 as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server", "product_id": "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64" }, "product_reference": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64", "relates_to_product_reference": "7Server-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64 as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server", "product_id": "7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64" }, "product_reference": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64", "relates_to_product_reference": "7Server-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server", "product_id": "7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch" }, "product_reference": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch", "relates_to_product_reference": "7Server-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server", "product_id": "7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch" }, "product_reference": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "relates_to_product_reference": "7Server-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server", "product_id": "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch" }, "product_reference": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch", "relates_to_product_reference": "7Server-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server", "product_id": "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src" }, "product_reference": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src", "relates_to_product_reference": "7Server-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server", "product_id": "7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch" }, "product_reference": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch", "relates_to_product_reference": "7Server-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 7 Server", "product_id": "7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch" }, "product_reference": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch", "relates_to_product_reference": "7Server-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8", "product_id": "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch" }, "product_reference": "jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch", "relates_to_product_reference": "8Base-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 8", "product_id": "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src" }, "product_reference": "jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src", "relates_to_product_reference": "8Base-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8", "product_id": "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch" }, "product_reference": "jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch", "relates_to_product_reference": "8Base-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 8", "product_id": "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src" }, "product_reference": "jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src", "relates_to_product_reference": "8Base-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8", "product_id": "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch" }, "product_reference": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch", "relates_to_product_reference": "8Base-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 8", "product_id": "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src" }, "product_reference": "jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src", "relates_to_product_reference": "8Base-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8", "product_id": "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch" }, "product_reference": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch", "relates_to_product_reference": "8Base-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 8", "product_id": "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src" }, "product_reference": "jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src", "relates_to_product_reference": "8Base-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8", "product_id": "8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch" }, "product_reference": "jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch", "relates_to_product_reference": "8Base-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8", "product_id": "8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch" }, "product_reference": "jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch", "relates_to_product_reference": "8Base-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8", "product_id": "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch" }, "product_reference": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch", "relates_to_product_reference": "8Base-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 8", "product_id": "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src" }, "product_reference": "jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src", "relates_to_product_reference": "8Base-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8", "product_id": "8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch" }, "product_reference": "jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch", "relates_to_product_reference": "8Base-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8", "product_id": "8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch" }, "product_reference": "jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch", "relates_to_product_reference": "8Base-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8", "product_id": "8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch" }, "product_reference": "jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "relates_to_product_reference": "8Base-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8", "product_id": "8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch" }, "product_reference": "jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch", "relates_to_product_reference": "8Base-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8", "product_id": "8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch" }, "product_reference": "jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "relates_to_product_reference": "8Base-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8", "product_id": "8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch" }, "product_reference": "jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch", "relates_to_product_reference": "8Base-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 8", "product_id": "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src" }, "product_reference": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src", "relates_to_product_reference": "8Base-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64 as a component of Red Hat JBoss Web Server 5.2 for RHEL 8", "product_id": "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64" }, "product_reference": "jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64", "relates_to_product_reference": "8Base-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64 as a component of Red Hat JBoss Web Server 5.2 for RHEL 8", "product_id": "8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64" }, "product_reference": "jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64", "relates_to_product_reference": "8Base-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8", "product_id": "8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch" }, "product_reference": "jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch", "relates_to_product_reference": "8Base-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8", "product_id": "8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch" }, "product_reference": "jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "relates_to_product_reference": "8Base-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8", "product_id": "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch" }, "product_reference": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch", "relates_to_product_reference": "8Base-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src as a component of Red Hat JBoss Web Server 5.2 for RHEL 8", "product_id": "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src" }, "product_reference": "jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src", "relates_to_product_reference": "8Base-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8", "product_id": "8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch" }, "product_reference": "jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch", "relates_to_product_reference": "8Base-JWS-5.2" }, { "category": "default_component_of", "full_product_name": { "name": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.2 for RHEL 8", "product_id": "8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch" }, "product_reference": "jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch", "relates_to_product_reference": "8Base-JWS-5.2" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Alejandro Cabrera Aldaya" ], "organization": "Universidad Tecnologica de la Habana CUJAE; Cuba" }, { "names": [ "Billy Bob Brumley", "Cesar Pereida Garcia", "Sohaib ul Hassan" ] }, { "names": [ "Nicola Tuveri" ], "organization": "Tampere University of Technology; Finland" } ], "cve": "CVE-2018-5407", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2018-11-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1645695" } ], "notes": [ { "category": "description", "text": "A microprocessor side-channel vulnerability was found on SMT (e.g, Hyper-Threading) architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)", "title": "Vulnerability summary" }, { "category": "other", "text": "This is a timing side-channel flaw on processors which implement SMT/Hyper-Threading architectures. It can result in leakage of secret data in applications such as OpenSSL that has secret dependent control flow at any granularity level. In order to exploit this flaw, the attacker needs to run a malicious process on the same core of the processor as the victim process.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src", "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch", "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src", "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch", "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src", "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch", "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src", "6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch", "6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64", "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686", "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64", "6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch", "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src", "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch", "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src", "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch", "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src", "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch", "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src", "7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch", "7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64", "7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64", "7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch", "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src", "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch", "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src", "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch", "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src", "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch", "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src", "8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch", "8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64", "8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64", "8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-5407" }, { "category": "external", "summary": "RHBZ#1645695", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-5407", "url": "https://www.cve.org/CVERecord?id=CVE-2018-5407" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407" }, { "category": "external", "summary": "https://github.com/bbbrumley/portsmash", "url": "https://github.com/bbbrumley/portsmash" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20181112.txt", "url": "https://www.openssl.org/news/secadv/20181112.txt" } ], "release_date": "2018-10-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-11-20T16:08:26+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src", "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch", "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src", "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch", "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src", "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch", "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src", "6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch", "6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64", "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686", "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64", "6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch", "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src", "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch", "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src", "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch", "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src", "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch", "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src", "7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch", "7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64", "7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64", "7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch", "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src", "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch", "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src", "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch", "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src", "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch", "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src", "8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch", "8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64", "8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64", "8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3929" }, { "category": "workaround", "details": "At this time Red Hat Engineering is working on patches for openssl package in Red Hat Enterprise Linux 7 to address this issue. Until fixes are available, users are advised to review the guidance supplied in the L1 Terminal Fault vulnerability article: https://access.redhat.com/security/vulnerabilities/L1TF and decide what their exposure across shared CPU threads are and act accordingly.", "product_ids": [ "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src", "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch", "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src", "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch", "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src", "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch", "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src", "6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch", "6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64", "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686", "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64", "6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch", "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src", "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch", "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src", "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch", "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src", "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch", "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src", "7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch", "7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64", "7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64", "7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch", "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src", "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch", "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src", "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch", "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src", "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch", "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src", "8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch", "8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64", "8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64", "8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src", "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch", "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src", "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch", "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src", "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch", "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src", "6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch", "6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64", "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686", "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64", "6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch", "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src", "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch", "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src", "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch", "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src", "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch", "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src", "7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch", "7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64", "7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64", "7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch", "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src", "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch", "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src", "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch", "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src", "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch", "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src", "8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch", "8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64", "8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64", "8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)" }, { "cve": "CVE-2019-0199", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2019-03-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1693325" } ], "notes": [ { "category": "description", "text": "A flaw was found in Apache Tomcat, where the HTTP/2 implementation accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open, which enables them to cause server-side threads to block. This flaw eventually leads to a denial of service attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: Apache Tomcat HTTP/2 DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "pki-servlet-container does not use HTTP/2 in its default configuration.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src", "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch", "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src", "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch", "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src", "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch", "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src", "6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch", "6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64", "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686", "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64", "6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch", "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src", "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch", "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src", "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch", "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src", "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch", "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src", "7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch", "7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64", "7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64", "7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch", "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src", "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch", "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src", "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch", "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src", "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch", "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src", "8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch", "8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64", "8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64", "8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-0199" }, { "category": "external", "summary": "RHBZ#1693325", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1693325" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-0199", "url": "https://www.cve.org/CVERecord?id=CVE-2019-0199" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0199", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0199" } ], "release_date": "2019-03-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-11-20T16:08:26+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src", "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch", "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src", "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch", "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src", "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch", "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src", "6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch", "6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64", "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686", "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64", "6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch", "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src", "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch", "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src", "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch", "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src", "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch", "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src", "7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch", "7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64", "7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64", "7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch", "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src", "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch", "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src", "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch", "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src", "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch", "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src", "8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch", "8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64", "8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64", "8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3929" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src", "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch", "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src", "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch", "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src", "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch", "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src", "6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch", "6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64", "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686", "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64", "6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch", "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src", "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch", "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src", "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch", "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src", "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch", "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src", "7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch", "7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64", "7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64", "7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch", "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src", "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch", "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src", "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch", "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src", "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch", "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src", "8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch", "8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64", "8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64", "8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "tomcat: Apache Tomcat HTTP/2 DoS" }, { "cve": "CVE-2019-0221", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2019-05-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1713275" } ], "notes": [ { "category": "description", "text": "The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: XSS in SSI printenv", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src", "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch", "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src", "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch", "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src", "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch", "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src", "6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch", "6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64", "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686", "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64", "6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch", "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src", "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch", "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src", "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch", "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src", "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch", "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src", "7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch", "7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64", "7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64", "7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch", "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src", "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch", "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src", "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch", "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src", "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch", "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src", "8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch", "8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64", "8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64", "8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-0221" }, { "category": "external", "summary": "RHBZ#1713275", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1713275" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-0221", "url": "https://www.cve.org/CVERecord?id=CVE-2019-0221" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0221", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0221" } ], "release_date": "2019-04-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-11-20T16:08:26+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src", "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch", "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src", "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch", "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src", "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch", "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src", "6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch", "6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64", "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686", "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64", "6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch", "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src", "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch", "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src", "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch", "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src", "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch", "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src", "7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch", "7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64", "7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64", "7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch", "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src", "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch", "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src", "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch", "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src", "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch", "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src", "8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch", "8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64", "8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64", "8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3929" }, { "category": "workaround", "details": "SSI is disabled in the default Tomcat configuration. The vulnerable printenv command is intended for debugging, and is recommended to not be enabled for a production website.", "product_ids": [ "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src", "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch", "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src", "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch", "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src", "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch", "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src", "6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch", "6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64", "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686", "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64", "6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch", "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src", "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch", "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src", "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch", "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src", "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch", "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src", "7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch", "7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64", "7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64", "7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch", "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src", "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch", "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src", "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch", "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src", "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch", "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src", "8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch", "8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64", "8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64", "8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src", "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch", "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src", "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch", "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src", "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch", "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src", "6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch", "6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64", "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686", "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64", "6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch", "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src", "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch", "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src", "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch", "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src", "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch", "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src", "7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch", "7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64", "7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64", "7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch", "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src", "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch", "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src", "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch", "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src", "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch", "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src", "8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch", "8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64", "8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64", "8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat: XSS in SSI printenv" }, { "cve": "CVE-2019-0232", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2019-04-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1701056" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in Apache Tomcat, where a Java Runtime Environment can pass a command-line argument in the Windows operating system. The execution of arbitrary commands via Tomcat\u2019s Common Gateway Interface (CGI) Servlet, allows an attacker to perform remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: Remote Code Execution on Windows", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability is specific to the Windows platform\u0027s treatment of file names and how they must be quoted. Tomcat running on Linux hosts is not affected.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src", "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch", "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src", "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch", "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src", "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch", "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src", "6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch", "6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64", "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686", "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64", "6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch", "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src", "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch", "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src", "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch", "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src", "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch", "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src", "7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch", "7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64", "7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64", "7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch", "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src", "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch", "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src", "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch", "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src", "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch", "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src", "8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch", "8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64", "8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64", "8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-0232" }, { "category": "external", "summary": "RHBZ#1701056", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701056" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-0232", "url": "https://www.cve.org/CVERecord?id=CVE-2019-0232" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0232", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0232" } ], "release_date": "2019-04-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-11-20T16:08:26+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src", "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch", "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src", "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch", "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src", "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch", "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src", "6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch", "6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64", "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686", "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64", "6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch", "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src", "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch", "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src", "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch", "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src", "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch", "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src", "7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch", "7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64", "7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64", "7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch", "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src", "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch", "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src", "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch", "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src", "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch", "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src", "8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch", "8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64", "8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64", "8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3929" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src", "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch", "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src", "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch", "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src", "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch", "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src", "6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch", "6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64", "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686", "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64", "6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch", "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src", "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch", "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src", "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch", "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src", "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch", "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src", "7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch", "7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64", "7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64", "7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch", "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src", "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch", "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src", "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch", "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src", "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch", "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src", "8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch", "8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64", "8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64", "8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "tomcat: Remote Code Execution on Windows" }, { "cve": "CVE-2019-1559", "cwe": { "id": "CWE-325", "name": "Missing Cryptographic Step" }, "discovery_date": "2019-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1683804" } ], "notes": [ { "category": "description", "text": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: 0-byte record padding oracle", "title": "Vulnerability summary" }, { "category": "other", "text": "1 For this issue to be exploitable, the (server) application using the OpenSSL library needs to use it incorrectly.\n2. There are multiple other requirements for the attack to succeed: \n - The ciphersuite used must be obsolete CBC cipher without a stitched implementation (or the system be in FIPS mode)\n - the attacker has to be a MITM\n - the attacker has to be able to control the client side to send requests to the buggy server on demand", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src", "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch", "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src", "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch", "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src", "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch", "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src", "6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch", "6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64", "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686", "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64", "6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch", "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src", "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch", "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src", "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch", "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src", "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch", "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src", "7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch", "7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64", "7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64", "7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch", "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src", "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch", "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src", "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch", "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src", "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch", "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src", "8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch", "8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64", "8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64", "8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-1559" }, { "category": "external", "summary": "RHBZ#1683804", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1683804" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-1559", "url": "https://www.cve.org/CVERecord?id=CVE-2019-1559" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-1559", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1559" }, { "category": "external", "summary": "https://github.com/RUB-NDS/TLS-Padding-Oracles", "url": "https://github.com/RUB-NDS/TLS-Padding-Oracles" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20190226.txt", "url": "https://www.openssl.org/news/secadv/20190226.txt" } ], "release_date": "2019-02-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-11-20T16:08:26+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src", "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch", "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src", "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch", "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src", "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch", "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src", "6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch", "6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64", "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686", "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64", "6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch", "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src", "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch", "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src", "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch", "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src", "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch", "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src", "7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch", "7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64", "7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64", "7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch", "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src", "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch", "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src", "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch", "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src", "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch", "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src", "8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch", "8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64", "8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64", "8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3929" }, { "category": "workaround", "details": "As a workaround you can disable SHA384 if applications (compiled with OpenSSL) allow for adjustment of the ciphersuite string configuration.", "product_ids": [ "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src", "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch", "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src", "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch", "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src", "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch", "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src", "6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch", "6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64", "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686", "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64", "6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch", "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src", "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch", "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src", "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch", "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src", "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch", "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src", "7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch", "7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64", "7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64", "7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch", "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src", "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch", "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src", "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch", "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src", "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch", "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src", "8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch", "8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64", "8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64", "8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src", "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch", "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src", "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch", "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src", "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch", "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src", "6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch", "6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64", "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686", "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64", "6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch", "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src", "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch", "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src", "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch", "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src", "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch", "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src", "7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch", "7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64", "7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64", "7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch", "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src", "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch", "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src", "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch", "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src", "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch", "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src", "8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch", "8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64", "8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64", "8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "openssl: 0-byte record padding oracle" }, { "cve": "CVE-2019-10072", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2019-06-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1723708" } ], "notes": [ { "category": "description", "text": "The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40 . By not sending WINDOW_UPDATE messages for the connection window (stream 0) clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: HTTP/2 connection window exhaustion on write, incomplete fix of CVE-2019-0199", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src", "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch", "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src", "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch", "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src", "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch", "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src", "6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch", "6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64", "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686", "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64", "6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch", "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src", "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch", "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src", "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch", "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src", "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch", "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src", "7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch", "7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64", "7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64", "7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch", "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src", "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch", "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src", "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch", "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src", "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch", "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src", "8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch", "8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64", "8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64", "8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-10072" }, { "category": "external", "summary": "RHBZ#1723708", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1723708" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-10072", "url": "https://www.cve.org/CVERecord?id=CVE-2019-10072" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10072", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10072" }, { "category": "external", "summary": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.41", "url": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.41" }, { "category": "external", "summary": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.20", "url": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.20" } ], "release_date": "2019-06-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-11-20T16:08:26+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src", "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch", "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src", "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch", "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src", "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch", "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src", "6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch", "6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64", "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686", "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64", "6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch", "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src", "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch", "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src", "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch", "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src", "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch", "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src", "7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch", "7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64", "7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64", "7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch", "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src", "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch", "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src", "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch", "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src", "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch", "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src", "8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch", "8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64", "8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64", "8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3929" }, { "category": "workaround", "details": "pki-servlet-container does not use HTTP/2 in its default configuration.", "product_ids": [ "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src", "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch", "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src", "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch", "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src", "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch", "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src", "6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch", "6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64", "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686", "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64", "6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch", "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src", "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch", "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src", "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch", "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src", "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch", "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src", "7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch", "7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64", "7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64", "7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch", "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src", "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch", "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src", "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch", "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src", "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch", "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src", "8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch", "8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64", "8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64", "8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el6jws.src", "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.noarch", "6Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el6jws.src", "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.noarch", "6Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el6jws.src", "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch", "6Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el6jws.src", "6Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el6jws.noarch", "6Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.i686", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el6jws.x86_64", "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.i686", "6Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el6jws.x86_64", "6Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el6jws.src", "6Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el6jws.noarch", "6Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el6jws.noarch", "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el7jws.src", "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.noarch", "7Server-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el7jws.src", "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.noarch", "7Server-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el7jws.src", "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch", "7Server-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el7jws.src", "7Server-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el7jws.noarch", "7Server-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el7jws.x86_64", "7Server-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el7jws.x86_64", "7Server-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el7jws.src", "7Server-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el7jws.noarch", "7Server-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el7jws.noarch", "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-ecj-0:4.12.0-1.redhat_1.1.el8jws.src", "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.noarch", "8Base-JWS-5.2:jws5-javapackages-tools-0:3.4.1-5.15.11.el8jws.src", "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.noarch", "8Base-JWS-5.2:jws5-jboss-logging-0:3.3.2-1.Final_redhat_00001.1.el8jws.src", "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch", "8Base-JWS-5.2:jws5-mod_cluster-0:1.4.1-1.Final_redhat_00001.2.el8jws.src", "8Base-JWS-5.2:jws5-mod_cluster-tomcat-0:1.4.1-1.Final_redhat_00001.2.el8jws.noarch", "8Base-JWS-5.2:jws5-python-javapackages-0:3.4.1-5.15.11.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-0:9.0.21-10.redhat_4.1.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-admin-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-docs-webapp-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-el-3.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-javadoc-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-jsp-2.3-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-lib-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-native-0:1.2.21-34.redhat_34.el8jws.x86_64", "8Base-JWS-5.2:jws5-tomcat-native-debuginfo-0:1.2.21-34.redhat_34.el8jws.x86_64", "8Base-JWS-5.2:jws5-tomcat-selinux-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-servlet-4.0-api-0:9.0.21-10.redhat_4.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-vault-0:1.1.8-1.Final_redhat_1.1.el8jws.src", "8Base-JWS-5.2:jws5-tomcat-vault-javadoc-0:1.1.8-1.Final_redhat_1.1.el8jws.noarch", "8Base-JWS-5.2:jws5-tomcat-webapps-0:9.0.21-10.redhat_4.1.el8jws.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tomcat: HTTP/2 connection window exhaustion on write, incomplete fix of CVE-2019-0199" } ] }
rhsa-2019_0483
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for openssl is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n* openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Perform the RSA signature self-tests with SHA-256 (BZ#1673914)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2019:0483", "url": "https://access.redhat.com/errata/RHSA-2019:0483" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "1645695", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_0483.json" } ], "title": "Red Hat Security Advisory: openssl security and bug fix update", "tracking": { "current_release_date": "2024-11-22T12:38:28+00:00", "generator": { "date": "2024-11-22T12:38:28+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2019:0483", "initial_release_date": "2019-03-13T13:00:21+00:00", "revision_history": [ { "date": "2019-03-13T13:00:21+00:00", "number": "1", "summary": "Initial version" }, { "date": "2019-03-13T13:00:21+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T12:38:28+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Client (v. 7)", "product": { "name": "Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.6.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::client" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Client Optional (v. 7)", "product": { "name": "Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.6.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::client" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux ComputeNode (v. 7)", "product": { "name": "Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.6.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::computenode" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product": { "name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.6.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::computenode" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server (v. 7)", "product": { "name": "Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.6.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product": { "name": "Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Optional (v. 7)", "product": { "name": "Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.6.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product": { "name": "Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product_id": "7Server-optional-Alt-7.6.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Workstation (v. 7)", "product": { "name": "Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.6.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::workstation" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Workstation Optional (v. 7)", "product": { "name": "Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.6.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::workstation" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "product": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "product_id": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-libs@1.0.2k-16.el7_6.1?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "product": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "product_id": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-devel@1.0.2k-16.el7_6.1?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "product": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "product_id": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.2k-16.el7_6.1?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "openssl-1:1.0.2k-16.el7_6.1.x86_64", "product": { "name": "openssl-1:1.0.2k-16.el7_6.1.x86_64", "product_id": "openssl-1:1.0.2k-16.el7_6.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl@1.0.2k-16.el7_6.1?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "product": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "product_id": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-static@1.0.2k-16.el7_6.1?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "product": { "name": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "product_id": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-perl@1.0.2k-16.el7_6.1?arch=x86_64\u0026epoch=1" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "openssl-libs-1:1.0.2k-16.el7_6.1.i686", "product": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.i686", "product_id": "openssl-libs-1:1.0.2k-16.el7_6.1.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-libs@1.0.2k-16.el7_6.1?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "openssl-devel-1:1.0.2k-16.el7_6.1.i686", "product": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.i686", "product_id": "openssl-devel-1:1.0.2k-16.el7_6.1.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-devel@1.0.2k-16.el7_6.1?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "product": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "product_id": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.2k-16.el7_6.1?arch=i686\u0026epoch=1" } } }, { "category": "product_version", "name": "openssl-static-1:1.0.2k-16.el7_6.1.i686", "product": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.i686", "product_id": "openssl-static-1:1.0.2k-16.el7_6.1.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-static@1.0.2k-16.el7_6.1?arch=i686\u0026epoch=1" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "openssl-1:1.0.2k-16.el7_6.1.src", "product": { "name": "openssl-1:1.0.2k-16.el7_6.1.src", "product_id": "openssl-1:1.0.2k-16.el7_6.1.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl@1.0.2k-16.el7_6.1?arch=src\u0026epoch=1" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "product": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "product_id": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-static@1.0.2k-16.el7_6.1?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "product": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "product_id": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.2k-16.el7_6.1?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "product": { "name": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "product_id": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-perl@1.0.2k-16.el7_6.1?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "product": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "product_id": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-libs@1.0.2k-16.el7_6.1?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "product": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "product_id": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-devel@1.0.2k-16.el7_6.1?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "openssl-1:1.0.2k-16.el7_6.1.aarch64", "product": { "name": "openssl-1:1.0.2k-16.el7_6.1.aarch64", "product_id": "openssl-1:1.0.2k-16.el7_6.1.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl@1.0.2k-16.el7_6.1?arch=aarch64\u0026epoch=1" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "openssl-static-1:1.0.2k-16.el7_6.1.s390", "product": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.s390", "product_id": "openssl-static-1:1.0.2k-16.el7_6.1.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-static@1.0.2k-16.el7_6.1?arch=s390\u0026epoch=1" } } }, { "category": "product_version", "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "product": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "product_id": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.2k-16.el7_6.1?arch=s390\u0026epoch=1" } } }, { "category": "product_version", "name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390", "product": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390", "product_id": "openssl-libs-1:1.0.2k-16.el7_6.1.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-libs@1.0.2k-16.el7_6.1?arch=s390\u0026epoch=1" } } }, { "category": "product_version", "name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390", "product": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390", "product_id": "openssl-devel-1:1.0.2k-16.el7_6.1.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-devel@1.0.2k-16.el7_6.1?arch=s390\u0026epoch=1" } } } ], "category": "architecture", "name": "s390" }, { "branches": [ { "category": "product_version", "name": "openssl-static-1:1.0.2k-16.el7_6.1.s390x", "product": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.s390x", "product_id": "openssl-static-1:1.0.2k-16.el7_6.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-static@1.0.2k-16.el7_6.1?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "product": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "product_id": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.2k-16.el7_6.1?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "product": { "name": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "product_id": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-perl@1.0.2k-16.el7_6.1?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "product": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "product_id": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-libs@1.0.2k-16.el7_6.1?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "product": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "product_id": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-devel@1.0.2k-16.el7_6.1?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "openssl-1:1.0.2k-16.el7_6.1.s390x", "product": { "name": "openssl-1:1.0.2k-16.el7_6.1.s390x", "product_id": "openssl-1:1.0.2k-16.el7_6.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl@1.0.2k-16.el7_6.1?arch=s390x\u0026epoch=1" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "product": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "product_id": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-static@1.0.2k-16.el7_6.1?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "product": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "product_id": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.2k-16.el7_6.1?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "product": { "name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "product_id": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-perl@1.0.2k-16.el7_6.1?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "product": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "product_id": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-libs@1.0.2k-16.el7_6.1?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "product": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "product_id": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-devel@1.0.2k-16.el7_6.1?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "openssl-1:1.0.2k-16.el7_6.1.ppc64le", "product": { "name": "openssl-1:1.0.2k-16.el7_6.1.ppc64le", "product_id": "openssl-1:1.0.2k-16.el7_6.1.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl@1.0.2k-16.el7_6.1?arch=ppc64le\u0026epoch=1" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc", "product": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc", "product_id": "openssl-static-1:1.0.2k-16.el7_6.1.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-static@1.0.2k-16.el7_6.1?arch=ppc\u0026epoch=1" } } }, { "category": "product_version", "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "product": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "product_id": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.2k-16.el7_6.1?arch=ppc\u0026epoch=1" } } }, { "category": "product_version", "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "product": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "product_id": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-libs@1.0.2k-16.el7_6.1?arch=ppc\u0026epoch=1" } } }, { "category": "product_version", "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "product": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "product_id": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-devel@1.0.2k-16.el7_6.1?arch=ppc\u0026epoch=1" } } } ], "category": "architecture", "name": "ppc" }, { "branches": [ { "category": "product_version", "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "product": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "product_id": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-static@1.0.2k-16.el7_6.1?arch=ppc64\u0026epoch=1" } } }, { "category": "product_version", "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "product": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "product_id": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-debuginfo@1.0.2k-16.el7_6.1?arch=ppc64\u0026epoch=1" } } }, { "category": "product_version", "name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "product": { "name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "product_id": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-perl@1.0.2k-16.el7_6.1?arch=ppc64\u0026epoch=1" } } }, { "category": "product_version", "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "product": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "product_id": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-libs@1.0.2k-16.el7_6.1?arch=ppc64\u0026epoch=1" } } }, { "category": "product_version", "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "product": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "product_id": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl-devel@1.0.2k-16.el7_6.1?arch=ppc64\u0026epoch=1" } } }, { "category": "product_version", "name": "openssl-1:1.0.2k-16.el7_6.1.ppc64", "product": { "name": "openssl-1:1.0.2k-16.el7_6.1.ppc64", "product_id": "openssl-1:1.0.2k-16.el7_6.1.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openssl@1.0.2k-16.el7_6.1?arch=ppc64\u0026epoch=1" } } } ], "category": "architecture", "name": "ppc64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64" }, "product_reference": "openssl-1:1.0.2k-16.el7_6.1.aarch64", "relates_to_product_reference": "7Client-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64" }, "product_reference": "openssl-1:1.0.2k-16.el7_6.1.ppc64", "relates_to_product_reference": "7Client-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le" }, "product_reference": "openssl-1:1.0.2k-16.el7_6.1.ppc64le", "relates_to_product_reference": "7Client-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x" }, "product_reference": "openssl-1:1.0.2k-16.el7_6.1.s390x", "relates_to_product_reference": "7Client-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.0.2k-16.el7_6.1.src as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src" }, "product_reference": "openssl-1:1.0.2k-16.el7_6.1.src", "relates_to_product_reference": "7Client-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64" }, "product_reference": "openssl-1:1.0.2k-16.el7_6.1.x86_64", "relates_to_product_reference": "7Client-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "relates_to_product_reference": "7Client-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "relates_to_product_reference": "7Client-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "relates_to_product_reference": "7Client-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "relates_to_product_reference": "7Client-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "relates_to_product_reference": "7Client-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "relates_to_product_reference": "7Client-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "relates_to_product_reference": "7Client-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "relates_to_product_reference": "7Client-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "relates_to_product_reference": "7Client-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.i686", "relates_to_product_reference": "7Client-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "relates_to_product_reference": "7Client-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "relates_to_product_reference": "7Client-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "relates_to_product_reference": "7Client-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.s390", "relates_to_product_reference": "7Client-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "relates_to_product_reference": "7Client-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "relates_to_product_reference": "7Client-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "relates_to_product_reference": "7Client-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.i686", "relates_to_product_reference": "7Client-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "relates_to_product_reference": "7Client-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "relates_to_product_reference": "7Client-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "relates_to_product_reference": "7Client-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.s390", "relates_to_product_reference": "7Client-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "relates_to_product_reference": "7Client-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "relates_to_product_reference": "7Client-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64" }, "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "relates_to_product_reference": "7Client-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64" }, "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "relates_to_product_reference": "7Client-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le" }, "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "relates_to_product_reference": "7Client-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x" }, "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "relates_to_product_reference": "7Client-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64" }, "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "relates_to_product_reference": "7Client-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "relates_to_product_reference": "7Client-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.i686", "relates_to_product_reference": "7Client-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc", "relates_to_product_reference": "7Client-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "relates_to_product_reference": "7Client-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "relates_to_product_reference": "7Client-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.s390", "relates_to_product_reference": "7Client-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.s390x", "relates_to_product_reference": "7Client-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)", "product_id": "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "relates_to_product_reference": "7Client-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64" }, "product_reference": "openssl-1:1.0.2k-16.el7_6.1.aarch64", "relates_to_product_reference": "7Client-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64" }, "product_reference": "openssl-1:1.0.2k-16.el7_6.1.ppc64", "relates_to_product_reference": "7Client-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le" }, "product_reference": "openssl-1:1.0.2k-16.el7_6.1.ppc64le", "relates_to_product_reference": "7Client-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x" }, "product_reference": "openssl-1:1.0.2k-16.el7_6.1.s390x", "relates_to_product_reference": "7Client-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.0.2k-16.el7_6.1.src as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src" }, "product_reference": "openssl-1:1.0.2k-16.el7_6.1.src", "relates_to_product_reference": "7Client-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64" }, "product_reference": "openssl-1:1.0.2k-16.el7_6.1.x86_64", "relates_to_product_reference": "7Client-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "relates_to_product_reference": "7Client-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "relates_to_product_reference": "7Client-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "relates_to_product_reference": "7Client-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "relates_to_product_reference": "7Client-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "relates_to_product_reference": "7Client-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "relates_to_product_reference": "7Client-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "relates_to_product_reference": "7Client-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "relates_to_product_reference": "7Client-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "relates_to_product_reference": "7Client-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.i686", "relates_to_product_reference": "7Client-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "relates_to_product_reference": "7Client-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "relates_to_product_reference": "7Client-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "relates_to_product_reference": "7Client-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.s390", "relates_to_product_reference": "7Client-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "relates_to_product_reference": "7Client-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "relates_to_product_reference": "7Client-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "relates_to_product_reference": "7Client-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.i686", "relates_to_product_reference": "7Client-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "relates_to_product_reference": "7Client-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "relates_to_product_reference": "7Client-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "relates_to_product_reference": "7Client-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.s390", "relates_to_product_reference": "7Client-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "relates_to_product_reference": "7Client-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "relates_to_product_reference": "7Client-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64" }, "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "relates_to_product_reference": "7Client-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64" }, "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "relates_to_product_reference": "7Client-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le" }, "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "relates_to_product_reference": "7Client-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x" }, "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "relates_to_product_reference": "7Client-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64" }, "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "relates_to_product_reference": "7Client-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "relates_to_product_reference": "7Client-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.i686", "relates_to_product_reference": "7Client-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc", "relates_to_product_reference": "7Client-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "relates_to_product_reference": "7Client-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "relates_to_product_reference": "7Client-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.s390", "relates_to_product_reference": "7Client-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.s390x", "relates_to_product_reference": "7Client-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "relates_to_product_reference": "7Client-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64" }, "product_reference": "openssl-1:1.0.2k-16.el7_6.1.aarch64", "relates_to_product_reference": "7ComputeNode-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64" }, "product_reference": "openssl-1:1.0.2k-16.el7_6.1.ppc64", "relates_to_product_reference": "7ComputeNode-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le" }, "product_reference": "openssl-1:1.0.2k-16.el7_6.1.ppc64le", "relates_to_product_reference": "7ComputeNode-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x" }, "product_reference": "openssl-1:1.0.2k-16.el7_6.1.s390x", "relates_to_product_reference": "7ComputeNode-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.0.2k-16.el7_6.1.src as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src" }, "product_reference": "openssl-1:1.0.2k-16.el7_6.1.src", "relates_to_product_reference": "7ComputeNode-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64" }, "product_reference": "openssl-1:1.0.2k-16.el7_6.1.x86_64", "relates_to_product_reference": "7ComputeNode-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "relates_to_product_reference": "7ComputeNode-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "relates_to_product_reference": "7ComputeNode-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "relates_to_product_reference": "7ComputeNode-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "relates_to_product_reference": "7ComputeNode-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "relates_to_product_reference": "7ComputeNode-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "relates_to_product_reference": "7ComputeNode-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "relates_to_product_reference": "7ComputeNode-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "relates_to_product_reference": "7ComputeNode-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "relates_to_product_reference": "7ComputeNode-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.i686", "relates_to_product_reference": "7ComputeNode-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "relates_to_product_reference": "7ComputeNode-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "relates_to_product_reference": "7ComputeNode-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "relates_to_product_reference": "7ComputeNode-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.s390", "relates_to_product_reference": "7ComputeNode-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "relates_to_product_reference": "7ComputeNode-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "relates_to_product_reference": "7ComputeNode-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "relates_to_product_reference": "7ComputeNode-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.i686", "relates_to_product_reference": "7ComputeNode-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "relates_to_product_reference": "7ComputeNode-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "relates_to_product_reference": "7ComputeNode-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "relates_to_product_reference": "7ComputeNode-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.s390", "relates_to_product_reference": "7ComputeNode-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "relates_to_product_reference": "7ComputeNode-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "relates_to_product_reference": "7ComputeNode-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64" }, "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "relates_to_product_reference": "7ComputeNode-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64" }, "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "relates_to_product_reference": "7ComputeNode-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le" }, "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "relates_to_product_reference": "7ComputeNode-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x" }, "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "relates_to_product_reference": "7ComputeNode-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64" }, "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "relates_to_product_reference": "7ComputeNode-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "relates_to_product_reference": "7ComputeNode-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.i686", "relates_to_product_reference": "7ComputeNode-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc", "relates_to_product_reference": "7ComputeNode-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "relates_to_product_reference": "7ComputeNode-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "relates_to_product_reference": "7ComputeNode-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.s390", "relates_to_product_reference": "7ComputeNode-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.s390x", "relates_to_product_reference": "7ComputeNode-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "relates_to_product_reference": "7ComputeNode-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64" }, "product_reference": "openssl-1:1.0.2k-16.el7_6.1.aarch64", "relates_to_product_reference": "7ComputeNode-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64" }, "product_reference": "openssl-1:1.0.2k-16.el7_6.1.ppc64", "relates_to_product_reference": "7ComputeNode-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le" }, "product_reference": "openssl-1:1.0.2k-16.el7_6.1.ppc64le", "relates_to_product_reference": "7ComputeNode-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x" }, "product_reference": "openssl-1:1.0.2k-16.el7_6.1.s390x", "relates_to_product_reference": "7ComputeNode-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.0.2k-16.el7_6.1.src as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src" }, "product_reference": "openssl-1:1.0.2k-16.el7_6.1.src", "relates_to_product_reference": "7ComputeNode-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64" }, "product_reference": "openssl-1:1.0.2k-16.el7_6.1.x86_64", "relates_to_product_reference": "7ComputeNode-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "relates_to_product_reference": "7ComputeNode-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "relates_to_product_reference": "7ComputeNode-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "relates_to_product_reference": "7ComputeNode-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "relates_to_product_reference": "7ComputeNode-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "relates_to_product_reference": "7ComputeNode-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "relates_to_product_reference": "7ComputeNode-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "relates_to_product_reference": "7ComputeNode-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "relates_to_product_reference": "7ComputeNode-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "relates_to_product_reference": "7ComputeNode-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.i686", "relates_to_product_reference": "7ComputeNode-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "relates_to_product_reference": "7ComputeNode-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "relates_to_product_reference": "7ComputeNode-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "relates_to_product_reference": "7ComputeNode-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.s390", "relates_to_product_reference": "7ComputeNode-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "relates_to_product_reference": "7ComputeNode-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "relates_to_product_reference": "7ComputeNode-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "relates_to_product_reference": "7ComputeNode-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.i686", "relates_to_product_reference": "7ComputeNode-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "relates_to_product_reference": "7ComputeNode-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "relates_to_product_reference": "7ComputeNode-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "relates_to_product_reference": "7ComputeNode-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.s390", "relates_to_product_reference": "7ComputeNode-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "relates_to_product_reference": "7ComputeNode-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "relates_to_product_reference": "7ComputeNode-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64" }, "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "relates_to_product_reference": "7ComputeNode-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64" }, "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "relates_to_product_reference": "7ComputeNode-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le" }, "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "relates_to_product_reference": "7ComputeNode-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x" }, "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "relates_to_product_reference": "7ComputeNode-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64" }, "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "relates_to_product_reference": "7ComputeNode-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "relates_to_product_reference": "7ComputeNode-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.i686", "relates_to_product_reference": "7ComputeNode-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc", "relates_to_product_reference": "7ComputeNode-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "relates_to_product_reference": "7ComputeNode-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "relates_to_product_reference": "7ComputeNode-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.s390", "relates_to_product_reference": "7ComputeNode-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.s390x", "relates_to_product_reference": "7ComputeNode-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "relates_to_product_reference": "7ComputeNode-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64" }, "product_reference": "openssl-1:1.0.2k-16.el7_6.1.aarch64", "relates_to_product_reference": "7Server-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64" }, "product_reference": "openssl-1:1.0.2k-16.el7_6.1.ppc64", "relates_to_product_reference": "7Server-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le" }, "product_reference": "openssl-1:1.0.2k-16.el7_6.1.ppc64le", "relates_to_product_reference": "7Server-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x" }, "product_reference": "openssl-1:1.0.2k-16.el7_6.1.s390x", "relates_to_product_reference": "7Server-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.0.2k-16.el7_6.1.src as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src" }, "product_reference": "openssl-1:1.0.2k-16.el7_6.1.src", "relates_to_product_reference": "7Server-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64" }, "product_reference": "openssl-1:1.0.2k-16.el7_6.1.x86_64", "relates_to_product_reference": "7Server-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "relates_to_product_reference": "7Server-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "relates_to_product_reference": "7Server-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "relates_to_product_reference": "7Server-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "relates_to_product_reference": "7Server-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "relates_to_product_reference": "7Server-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "relates_to_product_reference": "7Server-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "relates_to_product_reference": "7Server-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "relates_to_product_reference": "7Server-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "relates_to_product_reference": "7Server-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.i686", "relates_to_product_reference": "7Server-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "relates_to_product_reference": "7Server-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "relates_to_product_reference": "7Server-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "relates_to_product_reference": "7Server-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.s390", "relates_to_product_reference": "7Server-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "relates_to_product_reference": "7Server-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "relates_to_product_reference": "7Server-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "relates_to_product_reference": "7Server-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.i686", "relates_to_product_reference": "7Server-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "relates_to_product_reference": "7Server-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "relates_to_product_reference": "7Server-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "relates_to_product_reference": "7Server-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.s390", "relates_to_product_reference": "7Server-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "relates_to_product_reference": "7Server-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "relates_to_product_reference": "7Server-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64" }, "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "relates_to_product_reference": "7Server-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64" }, "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "relates_to_product_reference": "7Server-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le" }, "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "relates_to_product_reference": "7Server-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x" }, "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "relates_to_product_reference": "7Server-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64" }, "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "relates_to_product_reference": "7Server-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "relates_to_product_reference": "7Server-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.i686", "relates_to_product_reference": "7Server-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc", "relates_to_product_reference": "7Server-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "relates_to_product_reference": "7Server-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "relates_to_product_reference": "7Server-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.s390", "relates_to_product_reference": "7Server-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.s390x", "relates_to_product_reference": "7Server-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "relates_to_product_reference": "7Server-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64" }, "product_reference": "openssl-1:1.0.2k-16.el7_6.1.aarch64", "relates_to_product_reference": "7Server-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64" }, "product_reference": "openssl-1:1.0.2k-16.el7_6.1.ppc64", "relates_to_product_reference": "7Server-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le" }, "product_reference": "openssl-1:1.0.2k-16.el7_6.1.ppc64le", "relates_to_product_reference": "7Server-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x" }, "product_reference": "openssl-1:1.0.2k-16.el7_6.1.s390x", "relates_to_product_reference": "7Server-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.0.2k-16.el7_6.1.src as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src" }, "product_reference": "openssl-1:1.0.2k-16.el7_6.1.src", "relates_to_product_reference": "7Server-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64" }, "product_reference": "openssl-1:1.0.2k-16.el7_6.1.x86_64", "relates_to_product_reference": "7Server-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "relates_to_product_reference": "7Server-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "relates_to_product_reference": "7Server-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "relates_to_product_reference": "7Server-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "relates_to_product_reference": "7Server-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "relates_to_product_reference": "7Server-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "relates_to_product_reference": "7Server-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "relates_to_product_reference": "7Server-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "relates_to_product_reference": "7Server-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "relates_to_product_reference": "7Server-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.i686", "relates_to_product_reference": "7Server-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "relates_to_product_reference": "7Server-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "relates_to_product_reference": "7Server-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "relates_to_product_reference": "7Server-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.s390", "relates_to_product_reference": "7Server-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "relates_to_product_reference": "7Server-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "relates_to_product_reference": "7Server-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "relates_to_product_reference": "7Server-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.i686", "relates_to_product_reference": "7Server-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "relates_to_product_reference": "7Server-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "relates_to_product_reference": "7Server-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "relates_to_product_reference": "7Server-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.s390", "relates_to_product_reference": "7Server-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "relates_to_product_reference": "7Server-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "relates_to_product_reference": "7Server-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64" }, "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "relates_to_product_reference": "7Server-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64" }, "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "relates_to_product_reference": "7Server-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le" }, "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "relates_to_product_reference": "7Server-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x" }, "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "relates_to_product_reference": "7Server-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64" }, "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "relates_to_product_reference": "7Server-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "relates_to_product_reference": "7Server-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.i686", "relates_to_product_reference": "7Server-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc", "relates_to_product_reference": "7Server-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "relates_to_product_reference": "7Server-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "relates_to_product_reference": "7Server-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.s390", "relates_to_product_reference": "7Server-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.s390x", "relates_to_product_reference": "7Server-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)", "product_id": "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "relates_to_product_reference": "7Server-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64" }, "product_reference": "openssl-1:1.0.2k-16.el7_6.1.aarch64", "relates_to_product_reference": "7Server-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64" }, "product_reference": "openssl-1:1.0.2k-16.el7_6.1.ppc64", "relates_to_product_reference": "7Server-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le" }, "product_reference": "openssl-1:1.0.2k-16.el7_6.1.ppc64le", "relates_to_product_reference": "7Server-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x" }, "product_reference": "openssl-1:1.0.2k-16.el7_6.1.s390x", "relates_to_product_reference": "7Server-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.0.2k-16.el7_6.1.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src" }, "product_reference": "openssl-1:1.0.2k-16.el7_6.1.src", "relates_to_product_reference": "7Server-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64" }, "product_reference": "openssl-1:1.0.2k-16.el7_6.1.x86_64", "relates_to_product_reference": "7Server-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "relates_to_product_reference": "7Server-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "relates_to_product_reference": "7Server-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "relates_to_product_reference": "7Server-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "relates_to_product_reference": "7Server-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "relates_to_product_reference": "7Server-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "relates_to_product_reference": "7Server-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "relates_to_product_reference": "7Server-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "relates_to_product_reference": "7Server-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "relates_to_product_reference": "7Server-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.i686", "relates_to_product_reference": "7Server-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "relates_to_product_reference": "7Server-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "relates_to_product_reference": "7Server-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "relates_to_product_reference": "7Server-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.s390", "relates_to_product_reference": "7Server-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "relates_to_product_reference": "7Server-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "relates_to_product_reference": "7Server-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "relates_to_product_reference": "7Server-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.i686", "relates_to_product_reference": "7Server-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "relates_to_product_reference": "7Server-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "relates_to_product_reference": "7Server-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "relates_to_product_reference": "7Server-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.s390", "relates_to_product_reference": "7Server-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "relates_to_product_reference": "7Server-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "relates_to_product_reference": "7Server-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64" }, "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "relates_to_product_reference": "7Server-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64" }, "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "relates_to_product_reference": "7Server-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le" }, "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "relates_to_product_reference": "7Server-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x" }, "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "relates_to_product_reference": "7Server-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64" }, "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "relates_to_product_reference": "7Server-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "relates_to_product_reference": "7Server-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.i686", "relates_to_product_reference": "7Server-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc", "relates_to_product_reference": "7Server-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "relates_to_product_reference": "7Server-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "relates_to_product_reference": "7Server-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.s390", "relates_to_product_reference": "7Server-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.s390x", "relates_to_product_reference": "7Server-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "relates_to_product_reference": "7Server-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product_id": "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64" }, "product_reference": "openssl-1:1.0.2k-16.el7_6.1.aarch64", "relates_to_product_reference": "7Server-optional-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product_id": "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64" }, "product_reference": "openssl-1:1.0.2k-16.el7_6.1.ppc64", "relates_to_product_reference": "7Server-optional-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product_id": "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le" }, "product_reference": "openssl-1:1.0.2k-16.el7_6.1.ppc64le", "relates_to_product_reference": "7Server-optional-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product_id": "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x" }, "product_reference": "openssl-1:1.0.2k-16.el7_6.1.s390x", "relates_to_product_reference": "7Server-optional-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.0.2k-16.el7_6.1.src as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product_id": "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src" }, "product_reference": "openssl-1:1.0.2k-16.el7_6.1.src", "relates_to_product_reference": "7Server-optional-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product_id": "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64" }, "product_reference": "openssl-1:1.0.2k-16.el7_6.1.x86_64", "relates_to_product_reference": "7Server-optional-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product_id": "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "relates_to_product_reference": "7Server-optional-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product_id": "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "relates_to_product_reference": "7Server-optional-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product_id": "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "relates_to_product_reference": "7Server-optional-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product_id": "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "relates_to_product_reference": "7Server-optional-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product_id": "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "relates_to_product_reference": "7Server-optional-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product_id": "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "relates_to_product_reference": "7Server-optional-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product_id": "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "relates_to_product_reference": "7Server-optional-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product_id": "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "relates_to_product_reference": "7Server-optional-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product_id": "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "relates_to_product_reference": "7Server-optional-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product_id": "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.i686", "relates_to_product_reference": "7Server-optional-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product_id": "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "relates_to_product_reference": "7Server-optional-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product_id": "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "relates_to_product_reference": "7Server-optional-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product_id": "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "relates_to_product_reference": "7Server-optional-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product_id": "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.s390", "relates_to_product_reference": "7Server-optional-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product_id": "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "relates_to_product_reference": "7Server-optional-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product_id": "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "relates_to_product_reference": "7Server-optional-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product_id": "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "relates_to_product_reference": "7Server-optional-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product_id": "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.i686", "relates_to_product_reference": "7Server-optional-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product_id": "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "relates_to_product_reference": "7Server-optional-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product_id": "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "relates_to_product_reference": "7Server-optional-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product_id": "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "relates_to_product_reference": "7Server-optional-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product_id": "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.s390", "relates_to_product_reference": "7Server-optional-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product_id": "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "relates_to_product_reference": "7Server-optional-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product_id": "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "relates_to_product_reference": "7Server-optional-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product_id": "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64" }, "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "relates_to_product_reference": "7Server-optional-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product_id": "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64" }, "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "relates_to_product_reference": "7Server-optional-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product_id": "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le" }, "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "relates_to_product_reference": "7Server-optional-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product_id": "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x" }, "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "relates_to_product_reference": "7Server-optional-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product_id": "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64" }, "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "relates_to_product_reference": "7Server-optional-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product_id": "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "relates_to_product_reference": "7Server-optional-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product_id": "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.i686", "relates_to_product_reference": "7Server-optional-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product_id": "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc", "relates_to_product_reference": "7Server-optional-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product_id": "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "relates_to_product_reference": "7Server-optional-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product_id": "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "relates_to_product_reference": "7Server-optional-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product_id": "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.s390", "relates_to_product_reference": "7Server-optional-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product_id": "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.s390x", "relates_to_product_reference": "7Server-optional-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)", "product_id": "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "relates_to_product_reference": "7Server-optional-Alt-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64" }, "product_reference": "openssl-1:1.0.2k-16.el7_6.1.aarch64", "relates_to_product_reference": "7Workstation-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64" }, "product_reference": "openssl-1:1.0.2k-16.el7_6.1.ppc64", "relates_to_product_reference": "7Workstation-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le" }, "product_reference": "openssl-1:1.0.2k-16.el7_6.1.ppc64le", "relates_to_product_reference": "7Workstation-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x" }, "product_reference": "openssl-1:1.0.2k-16.el7_6.1.s390x", "relates_to_product_reference": "7Workstation-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.0.2k-16.el7_6.1.src as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src" }, "product_reference": "openssl-1:1.0.2k-16.el7_6.1.src", "relates_to_product_reference": "7Workstation-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64" }, "product_reference": "openssl-1:1.0.2k-16.el7_6.1.x86_64", "relates_to_product_reference": "7Workstation-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "relates_to_product_reference": "7Workstation-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "relates_to_product_reference": "7Workstation-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "relates_to_product_reference": "7Workstation-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "relates_to_product_reference": "7Workstation-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "relates_to_product_reference": "7Workstation-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "relates_to_product_reference": "7Workstation-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "relates_to_product_reference": "7Workstation-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "relates_to_product_reference": "7Workstation-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "relates_to_product_reference": "7Workstation-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.i686", "relates_to_product_reference": "7Workstation-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "relates_to_product_reference": "7Workstation-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "relates_to_product_reference": "7Workstation-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "relates_to_product_reference": "7Workstation-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.s390", "relates_to_product_reference": "7Workstation-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "relates_to_product_reference": "7Workstation-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "relates_to_product_reference": "7Workstation-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "relates_to_product_reference": "7Workstation-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.i686", "relates_to_product_reference": "7Workstation-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "relates_to_product_reference": "7Workstation-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "relates_to_product_reference": "7Workstation-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "relates_to_product_reference": "7Workstation-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.s390", "relates_to_product_reference": "7Workstation-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "relates_to_product_reference": "7Workstation-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "relates_to_product_reference": "7Workstation-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64" }, "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "relates_to_product_reference": "7Workstation-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64" }, "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "relates_to_product_reference": "7Workstation-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le" }, "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "relates_to_product_reference": "7Workstation-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x" }, "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "relates_to_product_reference": "7Workstation-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64" }, "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "relates_to_product_reference": "7Workstation-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "relates_to_product_reference": "7Workstation-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.i686", "relates_to_product_reference": "7Workstation-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc", "relates_to_product_reference": "7Workstation-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "relates_to_product_reference": "7Workstation-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "relates_to_product_reference": "7Workstation-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.s390", "relates_to_product_reference": "7Workstation-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.s390x", "relates_to_product_reference": "7Workstation-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "relates_to_product_reference": "7Workstation-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64" }, "product_reference": "openssl-1:1.0.2k-16.el7_6.1.aarch64", "relates_to_product_reference": "7Workstation-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64" }, "product_reference": "openssl-1:1.0.2k-16.el7_6.1.ppc64", "relates_to_product_reference": "7Workstation-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le" }, "product_reference": "openssl-1:1.0.2k-16.el7_6.1.ppc64le", "relates_to_product_reference": "7Workstation-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x" }, "product_reference": "openssl-1:1.0.2k-16.el7_6.1.s390x", "relates_to_product_reference": "7Workstation-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.0.2k-16.el7_6.1.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src" }, "product_reference": "openssl-1:1.0.2k-16.el7_6.1.src", "relates_to_product_reference": "7Workstation-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64" }, "product_reference": "openssl-1:1.0.2k-16.el7_6.1.x86_64", "relates_to_product_reference": "7Workstation-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "relates_to_product_reference": "7Workstation-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "relates_to_product_reference": "7Workstation-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "relates_to_product_reference": "7Workstation-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "relates_to_product_reference": "7Workstation-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "relates_to_product_reference": "7Workstation-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "relates_to_product_reference": "7Workstation-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "relates_to_product_reference": "7Workstation-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64" }, "product_reference": "openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "relates_to_product_reference": "7Workstation-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "relates_to_product_reference": "7Workstation-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.i686", "relates_to_product_reference": "7Workstation-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "relates_to_product_reference": "7Workstation-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "relates_to_product_reference": "7Workstation-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "relates_to_product_reference": "7Workstation-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.s390", "relates_to_product_reference": "7Workstation-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "relates_to_product_reference": "7Workstation-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64" }, "product_reference": "openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "relates_to_product_reference": "7Workstation-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "relates_to_product_reference": "7Workstation-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.i686", "relates_to_product_reference": "7Workstation-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "relates_to_product_reference": "7Workstation-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "relates_to_product_reference": "7Workstation-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "relates_to_product_reference": "7Workstation-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.s390", "relates_to_product_reference": "7Workstation-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "relates_to_product_reference": "7Workstation-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64" }, "product_reference": "openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "relates_to_product_reference": "7Workstation-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64" }, "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "relates_to_product_reference": "7Workstation-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64" }, "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "relates_to_product_reference": "7Workstation-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le" }, "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "relates_to_product_reference": "7Workstation-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x" }, "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "relates_to_product_reference": "7Workstation-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64" }, "product_reference": "openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "relates_to_product_reference": "7Workstation-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "relates_to_product_reference": "7Workstation-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.i686", "relates_to_product_reference": "7Workstation-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc", "relates_to_product_reference": "7Workstation-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "relates_to_product_reference": "7Workstation-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "relates_to_product_reference": "7Workstation-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.s390", "relates_to_product_reference": "7Workstation-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.s390x", "relates_to_product_reference": "7Workstation-optional-7.6.Z" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64" }, "product_reference": "openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "relates_to_product_reference": "7Workstation-optional-7.6.Z" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-0735", "cwe": { "id": "CWE-385", "name": "Covert Timing Channel" }, "discovery_date": "2018-10-29T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1644356" } ], "notes": [ { "category": "description", "text": "The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: timing side channel attack in the ECDSA signature generation", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-0735" }, { "category": "external", "summary": "RHBZ#1644356", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1644356" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-0735", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0735" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-0735", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0735" } ], "release_date": "2018-10-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-03-13T13:00:21+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.", "product_ids": [ "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:0483" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "openssl: timing side channel attack in the ECDSA signature generation" }, { "acknowledgments": [ { "names": [ "Alejandro Cabrera Aldaya" ], "organization": "Universidad Tecnologica de la Habana CUJAE; Cuba" }, { "names": [ "Billy Bob Brumley", "Cesar Pereida Garcia", "Sohaib ul Hassan" ] }, { "names": [ "Nicola Tuveri" ], "organization": "Tampere University of Technology; Finland" } ], "cve": "CVE-2018-5407", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2018-11-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1645695" } ], "notes": [ { "category": "description", "text": "A microprocessor side-channel vulnerability was found on SMT (e.g, Hyper-Threading) architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)", "title": "Vulnerability summary" }, { "category": "other", "text": "This is a timing side-channel flaw on processors which implement SMT/Hyper-Threading architectures. It can result in leakage of secret data in applications such as OpenSSL that has secret dependent control flow at any granularity level. In order to exploit this flaw, the attacker needs to run a malicious process on the same core of the processor as the victim process.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-5407" }, { "category": "external", "summary": "RHBZ#1645695", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-5407", "url": "https://www.cve.org/CVERecord?id=CVE-2018-5407" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407" }, { "category": "external", "summary": "https://github.com/bbbrumley/portsmash", "url": "https://github.com/bbbrumley/portsmash" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20181112.txt", "url": "https://www.openssl.org/news/secadv/20181112.txt" } ], "release_date": "2018-10-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-03-13T13:00:21+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.", "product_ids": [ "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:0483" }, { "category": "workaround", "details": "At this time Red Hat Engineering is working on patches for openssl package in Red Hat Enterprise Linux 7 to address this issue. Until fixes are available, users are advised to review the guidance supplied in the L1 Terminal Fault vulnerability article: https://access.redhat.com/security/vulnerabilities/L1TF and decide what their exposure across shared CPU threads are and act accordingly.", "product_ids": [ "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.0" }, "products": [ "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7Client-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7Client-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7Client-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7Client-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7Client-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7Client-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7Client-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7Client-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7Client-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7Client-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7Client-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7Client-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7ComputeNode-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7ComputeNode-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7ComputeNode-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7Server-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7Server-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7Server-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7Server-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7Server-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7Server-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7Server-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7Server-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7Server-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7Server-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7Server-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7Server-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7Server-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7Server-optional-Alt-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-Alt-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-Alt-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-Alt-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-Alt-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7Server-optional-Alt-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7Workstation-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.src", "7Workstation-optional-7.6.Z:openssl-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.i686", "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc", "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390", "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-optional-7.6.Z:openssl-debuginfo-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.i686", "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc", "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390", "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-optional-7.6.Z:openssl-devel-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.i686", "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc", "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390", "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-optional-7.6.Z:openssl-libs-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-optional-7.6.Z:openssl-perl-1:1.0.2k-16.el7_6.1.x86_64", "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.aarch64", "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.i686", "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc", "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64", "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.ppc64le", "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390", "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.s390x", "7Workstation-optional-7.6.Z:openssl-static-1:1.0.2k-16.el7_6.1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)" } ] }
rhsa-2019_3931
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat JBoss Web Server 5.2.0 zip release for RHEL 6, RHEL 7, RHEL 8 and Microsoft Windows is available.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.\n \nRefer to the Release Notes for information on the most significant bug fixes, enhancements and component upgrades included in this release.\n\nSecurity Fix(es):\n\n* openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407) \n* tomcat: XSS in SSI printenv (CVE-2019-0221) \n* openssl: 0-byte record padding oracle (CVE-2019-1559) \n* tomcat: HTTP/2 implementation leads to denial of service (CVE-2019-10072)\n* tomcat: Apache Tomcat HTTP/2 DoS (CVE-2019-0199)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2019:3931", "url": "https://access.redhat.com/errata/RHSA-2019:3931" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1645695", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695" }, { "category": "external", "summary": "1683804", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1683804" }, { "category": "external", "summary": "1693325", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1693325" }, { "category": "external", "summary": "1713275", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1713275" }, { "category": "external", "summary": "1723708", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1723708" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_3931.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Web Server 5.2 security release", "tracking": { "current_release_date": "2024-11-22T13:26:27+00:00", "generator": { "date": "2024-11-22T13:26:27+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2019:3931", "initial_release_date": "2019-11-20T16:04:24+00:00", "revision_history": [ { "date": "2019-11-20T16:04:24+00:00", "number": "1", "summary": "Initial version" }, { "date": "2019-12-02T16:22:21+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T13:26:27+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Web Server 5", "product": { "name": "Red Hat JBoss Web Server 5", "product_id": "Red Hat JBoss Web Server 5", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.2" } } } ], "category": "product_family", "name": "Red Hat JBoss Web Server" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Alejandro Cabrera Aldaya" ], "organization": "Universidad Tecnologica de la Habana CUJAE; Cuba" }, { "names": [ "Billy Bob Brumley", "Cesar Pereida Garcia", "Sohaib ul Hassan" ] }, { "names": [ "Nicola Tuveri" ], "organization": "Tampere University of Technology; Finland" } ], "cve": "CVE-2018-5407", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2018-11-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1645695" } ], "notes": [ { "category": "description", "text": "A microprocessor side-channel vulnerability was found on SMT (e.g, Hyper-Threading) architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)", "title": "Vulnerability summary" }, { "category": "other", "text": "This is a timing side-channel flaw on processors which implement SMT/Hyper-Threading architectures. It can result in leakage of secret data in applications such as OpenSSL that has secret dependent control flow at any granularity level. In order to exploit this flaw, the attacker needs to run a malicious process on the same core of the processor as the victim process.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Web Server 5" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-5407" }, { "category": "external", "summary": "RHBZ#1645695", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-5407", "url": "https://www.cve.org/CVERecord?id=CVE-2018-5407" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407" }, { "category": "external", "summary": "https://github.com/bbbrumley/portsmash", "url": "https://github.com/bbbrumley/portsmash" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20181112.txt", "url": "https://www.openssl.org/news/secadv/20181112.txt" } ], "release_date": "2018-10-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-11-20T16:04:24+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Web Server 5" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3931" }, { "category": "workaround", "details": "At this time Red Hat Engineering is working on patches for openssl package in Red Hat Enterprise Linux 7 to address this issue. Until fixes are available, users are advised to review the guidance supplied in the L1 Terminal Fault vulnerability article: https://access.redhat.com/security/vulnerabilities/L1TF and decide what their exposure across shared CPU threads are and act accordingly.", "product_ids": [ "Red Hat JBoss Web Server 5" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss Web Server 5" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)" }, { "cve": "CVE-2019-0199", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2019-03-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1693325" } ], "notes": [ { "category": "description", "text": "A flaw was found in Apache Tomcat, where the HTTP/2 implementation accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open, which enables them to cause server-side threads to block. This flaw eventually leads to a denial of service attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: Apache Tomcat HTTP/2 DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "pki-servlet-container does not use HTTP/2 in its default configuration.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Web Server 5" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-0199" }, { "category": "external", "summary": "RHBZ#1693325", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1693325" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-0199", "url": "https://www.cve.org/CVERecord?id=CVE-2019-0199" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0199", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0199" } ], "release_date": "2019-03-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-11-20T16:04:24+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Web Server 5" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3931" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "Red Hat JBoss Web Server 5" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "tomcat: Apache Tomcat HTTP/2 DoS" }, { "cve": "CVE-2019-0221", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2019-05-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1713275" } ], "notes": [ { "category": "description", "text": "The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: XSS in SSI printenv", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Web Server 5" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-0221" }, { "category": "external", "summary": "RHBZ#1713275", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1713275" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-0221", "url": "https://www.cve.org/CVERecord?id=CVE-2019-0221" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0221", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0221" } ], "release_date": "2019-04-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-11-20T16:04:24+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Web Server 5" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3931" }, { "category": "workaround", "details": "SSI is disabled in the default Tomcat configuration. The vulnerable printenv command is intended for debugging, and is recommended to not be enabled for a production website.", "product_ids": [ "Red Hat JBoss Web Server 5" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "Red Hat JBoss Web Server 5" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat: XSS in SSI printenv" }, { "cve": "CVE-2019-1559", "cwe": { "id": "CWE-325", "name": "Missing Cryptographic Step" }, "discovery_date": "2019-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1683804" } ], "notes": [ { "category": "description", "text": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: 0-byte record padding oracle", "title": "Vulnerability summary" }, { "category": "other", "text": "1 For this issue to be exploitable, the (server) application using the OpenSSL library needs to use it incorrectly.\n2. There are multiple other requirements for the attack to succeed: \n - The ciphersuite used must be obsolete CBC cipher without a stitched implementation (or the system be in FIPS mode)\n - the attacker has to be a MITM\n - the attacker has to be able to control the client side to send requests to the buggy server on demand", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Web Server 5" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-1559" }, { "category": "external", "summary": "RHBZ#1683804", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1683804" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-1559", "url": "https://www.cve.org/CVERecord?id=CVE-2019-1559" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-1559", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1559" }, { "category": "external", "summary": "https://github.com/RUB-NDS/TLS-Padding-Oracles", "url": "https://github.com/RUB-NDS/TLS-Padding-Oracles" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20190226.txt", "url": "https://www.openssl.org/news/secadv/20190226.txt" } ], "release_date": "2019-02-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-11-20T16:04:24+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Web Server 5" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3931" }, { "category": "workaround", "details": "As a workaround you can disable SHA384 if applications (compiled with OpenSSL) allow for adjustment of the ciphersuite string configuration.", "product_ids": [ "Red Hat JBoss Web Server 5" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Web Server 5" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "openssl: 0-byte record padding oracle" }, { "cve": "CVE-2019-10072", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2019-06-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1723708" } ], "notes": [ { "category": "description", "text": "The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40 . By not sending WINDOW_UPDATE messages for the connection window (stream 0) clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: HTTP/2 connection window exhaustion on write, incomplete fix of CVE-2019-0199", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Web Server 5" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-10072" }, { "category": "external", "summary": "RHBZ#1723708", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1723708" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-10072", "url": "https://www.cve.org/CVERecord?id=CVE-2019-10072" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10072", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10072" }, { "category": "external", "summary": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.41", "url": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.41" }, { "category": "external", "summary": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.20", "url": "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.20" } ], "release_date": "2019-06-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-11-20T16:04:24+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Web Server 5" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3931" }, { "category": "workaround", "details": "pki-servlet-container does not use HTTP/2 in its default configuration.", "product_ids": [ "Red Hat JBoss Web Server 5" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "Red Hat JBoss Web Server 5" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tomcat: HTTP/2 connection window exhaustion on write, incomplete fix of CVE-2019-0199" } ] }
rhba-2019_1088
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated rhvm-appliance packages that fix several bugs and add various enhancements are now available.", "title": "Topic" }, { "category": "general", "text": "Updated rhvm-appliance packages that fix several bugs and add various enhancements are now available.\n\nThe RHVM Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal\n\nIn this release, support has been added for OpenSCAP security profiles that can be enabled during self-hosted engine deployment. (BZ#1392051)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHBA-2019:1088", "url": "https://access.redhat.com/errata/RHBA-2019:1088" }, { "category": "external", "summary": "1578835", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578835" }, { "category": "external", "summary": "1579000", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579000" }, { "category": "external", "summary": "1659450", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1659450" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhba-2019_1088.json" } ], "title": "Red Hat Bug Fix Advisory: rhvm-appliance security, bug fix, and enhancement update", "tracking": { "current_release_date": "2024-11-15T02:07:09+00:00", "generator": { "date": "2024-11-15T02:07:09+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHBA-2019:1088", "initial_release_date": "2019-05-08T12:28:47+00:00", "revision_history": [ { "date": "2019-05-08T12:28:47+00:00", "number": "1", "summary": "Initial version" }, { "date": "2019-05-08T12:28:47+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T02:07:09+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts", "product": { "name": "Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts", "product_id": "7Server-RHEV-4-Agents-7", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor" } } }, { "category": "product_name", "name": "Red Hat Virtualization 4 Hypervisor for RHEL 7", "product": { "name": "Red Hat Virtualization 4 Hypervisor for RHEL 7", "product_id": "7Server-RHEV-4-Hypervisor-7", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor" } } } ], "category": "product_family", "name": "Red Hat Virtualization" }, { "branches": [ { "category": "product_version", "name": "rhvm-appliance-2:4.3-20190409.0.el7.x86_64", "product": { "name": "rhvm-appliance-2:4.3-20190409.0.el7.x86_64", "product_id": "rhvm-appliance-2:4.3-20190409.0.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhvm-appliance@4.3-20190409.0.el7?arch=x86_64\u0026epoch=2" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "rhvm-appliance-2:4.3-20190409.0.el7.src", "product": { "name": "rhvm-appliance-2:4.3-20190409.0.el7.src", "product_id": "rhvm-appliance-2:4.3-20190409.0.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhvm-appliance@4.3-20190409.0.el7?arch=src\u0026epoch=2" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rhvm-appliance-2:4.3-20190409.0.el7.src as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts", "product_id": "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190409.0.el7.src" }, "product_reference": "rhvm-appliance-2:4.3-20190409.0.el7.src", "relates_to_product_reference": "7Server-RHEV-4-Agents-7" }, { "category": "default_component_of", "full_product_name": { "name": "rhvm-appliance-2:4.3-20190409.0.el7.x86_64 as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts", "product_id": "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190409.0.el7.x86_64" }, "product_reference": "rhvm-appliance-2:4.3-20190409.0.el7.x86_64", "relates_to_product_reference": "7Server-RHEV-4-Agents-7" }, { "category": "default_component_of", "full_product_name": { "name": "rhvm-appliance-2:4.3-20190409.0.el7.src as a component of Red Hat Virtualization 4 Hypervisor for RHEL 7", "product_id": "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190409.0.el7.src" }, "product_reference": "rhvm-appliance-2:4.3-20190409.0.el7.src", "relates_to_product_reference": "7Server-RHEV-4-Hypervisor-7" }, { "category": "default_component_of", "full_product_name": { "name": "rhvm-appliance-2:4.3-20190409.0.el7.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 7", "product_id": "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190409.0.el7.x86_64" }, "product_reference": "rhvm-appliance-2:4.3-20190409.0.el7.x86_64", "relates_to_product_reference": "7Server-RHEV-4-Hypervisor-7" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Alejandro Cabrera Aldaya" ], "organization": "Universidad Tecnologica de la Habana CUJAE; Cuba" }, { "names": [ "Billy Bob Brumley", "Cesar Pereida Garcia", "Sohaib ul Hassan" ] }, { "names": [ "Nicola Tuveri" ], "organization": "Tampere University of Technology; Finland" } ], "cve": "CVE-2018-5407", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2018-11-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1645695" } ], "notes": [ { "category": "description", "text": "A microprocessor side-channel vulnerability was found on SMT (e.g, Hyper-Threading) architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)", "title": "Vulnerability summary" }, { "category": "other", "text": "This is a timing side-channel flaw on processors which implement SMT/Hyper-Threading architectures. It can result in leakage of secret data in applications such as OpenSSL that has secret dependent control flow at any granularity level. In order to exploit this flaw, the attacker needs to run a malicious process on the same core of the processor as the victim process.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190409.0.el7.src", "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190409.0.el7.x86_64", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190409.0.el7.src", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190409.0.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-5407" }, { "category": "external", "summary": "RHBZ#1645695", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-5407", "url": "https://www.cve.org/CVERecord?id=CVE-2018-5407" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407" }, { "category": "external", "summary": "https://github.com/bbbrumley/portsmash", "url": "https://github.com/bbbrumley/portsmash" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20181112.txt", "url": "https://www.openssl.org/news/secadv/20181112.txt" } ], "release_date": "2018-10-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-05-08T12:28:47+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2974891", "product_ids": [ "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190409.0.el7.src", "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190409.0.el7.x86_64", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190409.0.el7.src", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190409.0.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2019:1088" }, { "category": "workaround", "details": "At this time Red Hat Engineering is working on patches for openssl package in Red Hat Enterprise Linux 7 to address this issue. Until fixes are available, users are advised to review the guidance supplied in the L1 Terminal Fault vulnerability article: https://access.redhat.com/security/vulnerabilities/L1TF and decide what their exposure across shared CPU threads are and act accordingly.", "product_ids": [ "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190409.0.el7.src", "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190409.0.el7.x86_64", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190409.0.el7.src", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190409.0.el7.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.0" }, "products": [ "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190409.0.el7.src", "7Server-RHEV-4-Agents-7:rhvm-appliance-2:4.3-20190409.0.el7.x86_64", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190409.0.el7.src", "7Server-RHEV-4-Hypervisor-7:rhvm-appliance-2:4.3-20190409.0.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)" } ] }
rhsa-2019_2125
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for ovmf is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "OVMF (Open Virtual Machine Firmware) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM.\n\nSecurity Fix(es):\n\n* edk2: Privilege escalation via processing of malformed files in TianoCompress.c (CVE-2017-5731)\n\n* edk2: Privilege escalation via processing of malformed files in BaseUefiDecompressLib.c (CVE-2017-5732)\n\n* edk2: Privilege escalation via heap-based buffer overflow in MakeTable() function (CVE-2017-5733)\n\n* edk2: Privilege escalation via stack-based buffer overflow in MakeTable() function (CVE-2017-5734)\n\n* edk2: Privilege escalation via heap-based buffer overflow in Decode() function (CVE-2017-5735)\n\n* edk2: Logic error in MdeModulePkg in EDK II firmware allows for privilege escalation by authenticated users (CVE-2018-3613)\n\n* openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407)\n\n* edk2: Stack buffer overflow with corrupted BMP (CVE-2018-12181)\n\n* edk2: buffer overflows in PartitionDxe and UdfDxe with long file names and invalid UDF media (CVE-2019-0160)\n\n* edk2: stack overflow in XHCI causing denial of service (CVE-2019-0161)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2019:2125", "url": "https://access.redhat.com/errata/RHSA-2019:2125" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index", "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index" }, { "category": "external", "summary": "1641433", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641433" }, { "category": "external", "summary": "1641442", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641442" }, { "category": "external", "summary": "1641446", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641446" }, { "category": "external", "summary": "1641450", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641450" }, { "category": "external", "summary": "1641458", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641458" }, { "category": "external", "summary": "1641465", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641465" }, { "category": "external", "summary": "1645695", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695" }, { "category": "external", "summary": "1686783", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686783" }, { "category": "external", "summary": "1691640", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1691640" }, { "category": "external", "summary": "1694065", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694065" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_2125.json" } ], "title": "Red Hat Security Advisory: ovmf security and enhancement update", "tracking": { "current_release_date": "2024-12-02T08:50:47+00:00", "generator": { "date": "2024-12-02T08:50:47+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2019:2125", "initial_release_date": "2019-08-06T12:11:30+00:00", "revision_history": [ { "date": "2019-08-06T12:11:30+00:00", "number": "1", "summary": "Initial version" }, { "date": "2019-08-06T12:11:30+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-02T08:50:47+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Server (v. 7)", "product": { "name": "Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.7", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::server" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "OVMF-0:20180508-6.gitee3198e672e2.el7.noarch", "product": { "name": "OVMF-0:20180508-6.gitee3198e672e2.el7.noarch", "product_id": "OVMF-0:20180508-6.gitee3198e672e2.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/OVMF@20180508-6.gitee3198e672e2.el7?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "ovmf-0:20180508-6.gitee3198e672e2.el7.src", "product": { "name": "ovmf-0:20180508-6.gitee3198e672e2.el7.src", "product_id": "ovmf-0:20180508-6.gitee3198e672e2.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovmf@20180508-6.gitee3198e672e2.el7?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "OVMF-0:20180508-6.gitee3198e672e2.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch" }, "product_reference": "OVMF-0:20180508-6.gitee3198e672e2.el7.noarch", "relates_to_product_reference": "7Server-7.7" }, { "category": "default_component_of", "full_product_name": { "name": "ovmf-0:20180508-6.gitee3198e672e2.el7.src as a component of Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src" }, "product_reference": "ovmf-0:20180508-6.gitee3198e672e2.el7.src", "relates_to_product_reference": "7Server-7.7" } ] }, "vulnerabilities": [ { "cve": "CVE-2017-5731", "cwe": { "id": "CWE-287", "name": "Improper Authentication" }, "discovery_date": "2018-10-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1641442" } ], "notes": [ { "category": "description", "text": "Bounds checking in Tianocompress before November 7, 2017 may allow an authenticated user to potentially enable an escalation of privilege via local access.", "title": "Vulnerability description" }, { "category": "summary", "text": "edk2: Privilege escalation via processing of malformed files in TianoCompress.c", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch", "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-5731" }, { "category": "external", "summary": "RHBZ#1641442", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641442" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-5731", "url": "https://www.cve.org/CVERecord?id=CVE-2017-5731" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5731", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5731" }, { "category": "external", "summary": "https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html", "url": "https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html" } ], "release_date": "2018-10-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-08-06T12:11:30+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch", "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:2125" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch", "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "edk2: Privilege escalation via processing of malformed files in TianoCompress.c" }, { "cve": "CVE-2017-5732", "cwe": { "id": "CWE-287", "name": "Improper Authentication" }, "discovery_date": "2018-10-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1641446" } ], "notes": [ { "category": "description", "text": "[REJECTED CVE] A vulnerability exists in EDK-2 within BaseUefiDecompressLib.c (MdePkg/Library/BaseUefiDecompressLib). An authenticated attacker could exploit this vulnerability by supplying a crafted file, potentially leading to privilege escalation.", "title": "Vulnerability description" }, { "category": "summary", "text": "edk2: Privilege escalation via processing of malformed files in BaseUefiDecompressLib.c", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch", "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-5732" }, { "category": "external", "summary": "RHBZ#1641446", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641446" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-5732", "url": "https://www.cve.org/CVERecord?id=CVE-2017-5732" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5732", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5732" }, { "category": "external", "summary": "https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html", "url": "https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html" } ], "release_date": "2018-10-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-08-06T12:11:30+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch", "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:2125" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch", "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "edk2: Privilege escalation via processing of malformed files in BaseUefiDecompressLib.c" }, { "cve": "CVE-2017-5733", "cwe": { "id": "CWE-287", "name": "Improper Authentication" }, "discovery_date": "2018-10-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1641450" } ], "notes": [ { "category": "description", "text": "[REJECTED CVE] A heap-based buffer overflow vulnerability exists in EDK II within the MakeTable() function of BaseUefiDecompressLib.c, TianoCompress.c, and the UEFI specification. An authenticated attacker could exploit this flaw by supplying a crafted file, potentially leading to privilege escalation.", "title": "Vulnerability description" }, { "category": "summary", "text": "edk2: Privilege escalation via heap-based buffer overflow in MakeTable() function", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch", "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-5733" }, { "category": "external", "summary": "RHBZ#1641450", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641450" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-5733", "url": "https://www.cve.org/CVERecord?id=CVE-2017-5733" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5733", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5733" }, { "category": "external", "summary": "https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html", "url": "https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html" } ], "release_date": "2018-10-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-08-06T12:11:30+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch", "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:2125" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch", "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "edk2: Privilege escalation via heap-based buffer overflow in MakeTable() function" }, { "cve": "CVE-2017-5734", "cwe": { "id": "CWE-287", "name": "Improper Authentication" }, "discovery_date": "2018-10-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1641458" } ], "notes": [ { "category": "description", "text": "[REJECTED CVE] A stack-based buffer overflow vulnerability was identified in EDK-2 within the MakeTable() function of BaseUefiDecompressLib.c, TianoCompress.c, and the UEFI specification. An authenticated attacker could exploit this vulnerability by supplying a crafted file, potentially leading to privilege escalation.", "title": "Vulnerability description" }, { "category": "summary", "text": "edk2: Privilege escalation via stack-based buffer overflow in MakeTable() function", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch", "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-5734" }, { "category": "external", "summary": "RHBZ#1641458", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641458" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-5734", "url": "https://www.cve.org/CVERecord?id=CVE-2017-5734" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5734", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5734" }, { "category": "external", "summary": "https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html", "url": "https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html" } ], "release_date": "2018-10-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-08-06T12:11:30+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch", "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:2125" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch", "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "edk2: Privilege escalation via stack-based buffer overflow in MakeTable() function" }, { "cve": "CVE-2017-5735", "cwe": { "id": "CWE-287", "name": "Improper Authentication" }, "discovery_date": "2018-10-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1641465" } ], "notes": [ { "category": "description", "text": "[REJECTED CVE] A heap-based buffer overflow issue was identified in EDK2 in the Decode() function of BaseUefiDecompressLib.c, TianoCompress.c and UEFI Specification. The issue arises from improper handling of data, which could allow an authenticated attacker to exploit it by supplying a crafted file. This could lead to privilege escalation.", "title": "Vulnerability description" }, { "category": "summary", "text": "edk2: Privilege escalation via heap-based buffer overflow in Decode() function", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch", "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-5735" }, { "category": "external", "summary": "RHBZ#1641465", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641465" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-5735", "url": "https://www.cve.org/CVERecord?id=CVE-2017-5735" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5735", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5735" }, { "category": "external", "summary": "https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html", "url": "https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html" } ], "release_date": "2018-10-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-08-06T12:11:30+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch", "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:2125" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch", "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "edk2: Privilege escalation via heap-based buffer overflow in Decode() function" }, { "cve": "CVE-2018-3613", "cwe": { "id": "CWE-287", "name": "Improper Authentication" }, "discovery_date": "2018-10-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1641433" } ], "notes": [ { "category": "description", "text": "Logic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2015 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.", "title": "Vulnerability description" }, { "category": "summary", "text": "edk2: Logic error in MdeModulePkg in EDK II firmware allows for privilege escalation by authenticated users", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch", "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-3613" }, { "category": "external", "summary": "RHBZ#1641433", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641433" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-3613", "url": "https://www.cve.org/CVERecord?id=CVE-2018-3613" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-3613", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3613" }, { "category": "external", "summary": "https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-authenticated-variable-bypass.html", "url": "https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-authenticated-variable-bypass.html" } ], "release_date": "2018-10-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-08-06T12:11:30+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch", "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:2125" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch", "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "edk2: Logic error in MdeModulePkg in EDK II firmware allows for privilege escalation by authenticated users" }, { "acknowledgments": [ { "names": [ "Alejandro Cabrera Aldaya" ], "organization": "Universidad Tecnologica de la Habana CUJAE; Cuba" }, { "names": [ "Billy Bob Brumley", "Cesar Pereida Garcia", "Sohaib ul Hassan" ] }, { "names": [ "Nicola Tuveri" ], "organization": "Tampere University of Technology; Finland" } ], "cve": "CVE-2018-5407", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2018-11-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1645695" } ], "notes": [ { "category": "description", "text": "A microprocessor side-channel vulnerability was found on SMT (e.g, Hyper-Threading) architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)", "title": "Vulnerability summary" }, { "category": "other", "text": "This is a timing side-channel flaw on processors which implement SMT/Hyper-Threading architectures. It can result in leakage of secret data in applications such as OpenSSL that has secret dependent control flow at any granularity level. In order to exploit this flaw, the attacker needs to run a malicious process on the same core of the processor as the victim process.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch", "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-5407" }, { "category": "external", "summary": "RHBZ#1645695", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-5407", "url": "https://www.cve.org/CVERecord?id=CVE-2018-5407" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407" }, { "category": "external", "summary": "https://github.com/bbbrumley/portsmash", "url": "https://github.com/bbbrumley/portsmash" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20181112.txt", "url": "https://www.openssl.org/news/secadv/20181112.txt" } ], "release_date": "2018-10-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-08-06T12:11:30+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch", "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:2125" }, { "category": "workaround", "details": "At this time Red Hat Engineering is working on patches for openssl package in Red Hat Enterprise Linux 7 to address this issue. Until fixes are available, users are advised to review the guidance supplied in the L1 Terminal Fault vulnerability article: https://access.redhat.com/security/vulnerabilities/L1TF and decide what their exposure across shared CPU threads are and act accordingly.", "product_ids": [ "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch", "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.0" }, "products": [ "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch", "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)" }, { "cve": "CVE-2018-12181", "cwe": { "id": "CWE-121", "name": "Stack-based Buffer Overflow" }, "discovery_date": "2019-03-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1686783" } ], "notes": [ { "category": "description", "text": "A stack-based buffer overflow was discovered in edk2 when the HII database contains a Bitmap that claims to be 4-bit or 8-bit per pixel, but the palette contains more than 16(2^4) or 256(2^8) colors.", "title": "Vulnerability description" }, { "category": "summary", "text": "edk2: Stack buffer overflow with corrupted BMP", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch", "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-12181" }, { "category": "external", "summary": "RHBZ#1686783", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686783" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-12181", "url": "https://www.cve.org/CVERecord?id=CVE-2018-12181" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-12181", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12181" } ], "release_date": "2019-03-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-08-06T12:11:30+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch", "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:2125" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch", "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "edk2: Stack buffer overflow with corrupted BMP" }, { "cve": "CVE-2019-0160", "cwe": { "id": "CWE-121", "name": "Stack-based Buffer Overflow" }, "discovery_date": "2019-03-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1691640" } ], "notes": [ { "category": "description", "text": "Buffer overflows were discovered in UDF-related codes under MdeModulePkg\\Universal\\Disk\\PartitionDxe\\Udf.c and MdeModulePkg\\Universal\\Disk\\UdfDxe, which could be triggered with long file names or invalid formatted UDF media.", "title": "Vulnerability description" }, { "category": "summary", "text": "edk2: Buffer overflows in PartitionDxe and UdfDxe with long file names and invalid UDF media", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch", "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-0160" }, { "category": "external", "summary": "RHBZ#1691640", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1691640" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-0160", "url": "https://www.cve.org/CVERecord?id=CVE-2019-0160" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0160", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0160" } ], "release_date": "2019-02-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-08-06T12:11:30+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch", "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:2125" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch", "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "edk2: Buffer overflows in PartitionDxe and UdfDxe with long file names and invalid UDF media" }, { "cve": "CVE-2019-0161", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2019-03-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1694065" } ], "notes": [ { "category": "description", "text": "Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access.", "title": "Vulnerability description" }, { "category": "summary", "text": "edk2: stack overflow in XHCI causing denial of service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch", "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-0161" }, { "category": "external", "summary": "RHBZ#1694065", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694065" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-0161", "url": "https://www.cve.org/CVERecord?id=CVE-2019-0161" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0161", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0161" }, { "category": "external", "summary": "https://edk2-docs.gitbooks.io/security-advisory/content/xhci-stack-local-stack-overflow.html", "url": "https://edk2-docs.gitbooks.io/security-advisory/content/xhci-stack-local-stack-overflow.html" } ], "release_date": "2018-06-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-08-06T12:11:30+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch", "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:2125" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "7Server-7.7:OVMF-0:20180508-6.gitee3198e672e2.el7.noarch", "7Server-7.7:ovmf-0:20180508-6.gitee3198e672e2.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "edk2: stack overflow in XHCI causing denial of service" } ] }
rhba-2019_1053
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated \u200b\u200bredhat-virtualization-host packages that fix several bugs and add various enhancements are now available.", "title": "Topic" }, { "category": "general", "text": "The imgbased packages provide a way to create read-only base images from squashfs images, and a way to manage writable filesystem layers on top of those base images, including the installation of new images through yum and selection of a layer from runtime.\n\nThe redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host\u0027s resources and performing administrative tasks.\n\nThe redhat-release-virtualization-host package provides the Red Hat Virtualization Host. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host\u0027s resources and performing administrative tasks.\n\nChanges to the imgbased component:\n\n* Previously, Red Hat Virtualization Host entered emergency mode after it was updated to the latest version and rebooted twice. This was due to the presence of a local disk WWID in /etc/multipath/wwids.\n\nIn the current release, /etc/multipath/wwids has been removed. During upgrades, imgbased now calls \"vdsm-tool configure --force\" in the new layer, using the SYSTEMD_IGNORE_CHROOT environment variable. (BZ#1636028)\n\n* Previously, the default ntp.conf file was migrated to chrony even when NTP was disabled, overwriting chrony.conf file with incorrect values. In the current release, ntp.conf is only migrated if NTP is enabled. (BZ#1638606)\n\n* Previously, imgbased failed upon receiving the e2fsck return code 1 when creating a new layer. In the current release, imgbased handles the e2fsck return code 1 as a success, since the new file system is correct and the new layer is installed successfully. (BZ#1645395)\n\n* Previously, even if lvmetad was disabled in the configuration, the lvmetad service left a pid file hanging. As a result, entering lvm commands displayed warnings.\n\nThe current release masks the lvmetad service during build so it never starts and lvm commands do not show warnings. (BZ#1652795)\n\nChanges to the redhat-virtualization-host component:\n\n* Previously, during an upgrade, dracut running inside chroot did not detect the cpuinfo and the kernel config files because /proc was not mounted and /boot was bindmounted. As a result, the correct microcode was missing from the initramfs.\n\nThe current release bindmounts /proc to the chroot and removes the --hostonly flag. This change inserts both AMD and Intel microcodes into the initramfs and boots the host after an upgrade. (BZ#1652519)\n\n* The current release applies the OpenSCAP security profile when installing and upgrading RHV-H. This feature helps organizations comply with the Security Content Automation Protocol (SCAP) standards. (BZ#1654253)\n\n* Do not use a VNC-based connection to deploy Red Hat Virtualization Manager as a self-hosted engine. The VNC protocol does not support password auth in FIPS mode. As a result, the self-hosted engine will fail to deploy.\n\nInstead, deploy the Manager as a self-hosted engine, use a SPICE-based connection. (BZ#1591693)\n\n* The current release ships a new version of Red Hat Gluster Storage, RHGS 3.4.4, in Red Hat Virtualization Host (RHVH). (BZ#1679133)\n\n* Previously, changing log levels required editing libvirt.conf and restarting the libvirtd service. This restart prevented support from collecting data and made reproducing issues more difficult.\n\nThe current release adds the libvirt-admin package to the optional channel for Red Hat Virtualization Host. Installing this package enables you to run the virt-admin command to change libvirt logging levels on the fly. (BZ#1571283)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHBA-2019:1053", "url": "https://access.redhat.com/errata/RHBA-2019:1053" }, { "category": "external", "summary": "1436519", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1436519" }, { "category": "external", "summary": "1571283", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571283" }, { "category": "external", "summary": "1591693", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591693" }, { "category": "external", "summary": "1630263", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1630263" }, { "category": "external", "summary": "1630267", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1630267" }, { "category": "external", "summary": "1632741", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1632741" }, { "category": "external", "summary": "1633069", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1633069" }, { "category": "external", "summary": "1633075", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1633075" }, { "category": "external", "summary": "1636028", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1636028" }, { "category": "external", "summary": "1638606", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1638606" }, { "category": "external", "summary": "1645395", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645395" }, { "category": "external", "summary": "1646147", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646147" }, { "category": "external", "summary": "1652519", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1652519" }, { "category": "external", "summary": "1652789", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1652789" }, { "category": "external", "summary": "1652795", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1652795" }, { "category": "external", "summary": "1652817", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1652817" }, { "category": "external", "summary": "1653137", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1653137" }, { "category": "external", "summary": "1653669", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1653669" }, { "category": "external", "summary": "1654253", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1654253" }, { "category": "external", "summary": "1655003", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1655003" }, { "category": "external", "summary": "1669377", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1669377" }, { "category": "external", "summary": "1673953", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1673953" }, { "category": "external", "summary": "1679133", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1679133" }, { "category": "external", "summary": "1693710", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1693710" }, { "category": "external", "summary": "1693897", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1693897" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhba-2019_1053.json" } ], "title": "Red Hat Bug Fix Advisory: redhat-virtualization-host bug fix and enhancement update", "tracking": { "current_release_date": "2024-11-15T02:07:00+00:00", "generator": { "date": "2024-11-15T02:07:00+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHBA-2019:1053", "initial_release_date": "2019-05-08T12:26:02+00:00", "revision_history": [ { "date": "2019-05-08T12:26:02+00:00", "number": "1", "summary": "Initial version" }, { "date": "2019-05-08T12:26:02+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T02:07:00+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "RHEL 7-based RHEV-H for RHEV 4 (build requirements)", "product": { "name": "RHEL 7-based RHEV-H for RHEV 4 (build requirements)", "product_id": "7Server-RHEV-4-HypervisorBuild-7", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor" } } }, { "category": "product_name", "name": "Red Hat Virtualization 4 Hypervisor for RHEL 7", "product": { "name": "Red Hat Virtualization 4 Hypervisor for RHEL 7", "product_id": "7Server-RHEV-4-Hypervisor-7", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor" } } } ], "category": "product_family", "name": "Red Hat Virtualization" }, { "branches": [ { "category": "product_version", "name": "ovirt-node-ng-0:4.3.0-0.20181213.0.el7ev.src", "product": { "name": "ovirt-node-ng-0:4.3.0-0.20181213.0.el7ev.src", "product_id": "ovirt-node-ng-0:4.3.0-0.20181213.0.el7ev.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-node-ng@4.3.0-0.20181213.0.el7ev?arch=src" } } }, { "category": "product_version", "name": "redhat-release-virtualization-host-0:4.3-0.5.el7.src", "product": { "name": "redhat-release-virtualization-host-0:4.3-0.5.el7.src", "product_id": "redhat-release-virtualization-host-0:4.3-0.5.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/redhat-release-virtualization-host@4.3-0.5.el7?arch=src" } } }, { "category": "product_version", "name": "imgbased-0:1.1.7-0.1.el7ev.src", "product": { "name": "imgbased-0:1.1.7-0.1.el7ev.src", "product_id": "imgbased-0:1.1.7-0.1.el7ev.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/imgbased@1.1.7-0.1.el7ev?arch=src" } } }, { "category": "product_version", "name": "redhat-virtualization-host-0:4.3-20190409.0.el7_6.src", "product": { "name": "redhat-virtualization-host-0:4.3-20190409.0.el7_6.src", "product_id": "redhat-virtualization-host-0:4.3-20190409.0.el7_6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/redhat-virtualization-host@4.3-20190409.0.el7_6?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "python2-ovirt-node-ng-nodectl-0:4.3.0-0.20181213.0.el7ev.noarch", "product": { "name": "python2-ovirt-node-ng-nodectl-0:4.3.0-0.20181213.0.el7ev.noarch", "product_id": "python2-ovirt-node-ng-nodectl-0:4.3.0-0.20181213.0.el7ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/python2-ovirt-node-ng-nodectl@4.3.0-0.20181213.0.el7ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-node-ng-nodectl-0:4.3.0-0.20181213.0.el7ev.noarch", "product": { "name": "ovirt-node-ng-nodectl-0:4.3.0-0.20181213.0.el7ev.noarch", "product_id": "ovirt-node-ng-nodectl-0:4.3.0-0.20181213.0.el7ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-node-ng-nodectl@4.3.0-0.20181213.0.el7ev?arch=noarch" } } }, { "category": "product_version", "name": "redhat-virtualization-host-image-update-placeholder-0:4.3-0.5.el7.noarch", "product": { "name": "redhat-virtualization-host-image-update-placeholder-0:4.3-0.5.el7.noarch", "product_id": "redhat-virtualization-host-image-update-placeholder-0:4.3-0.5.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/redhat-virtualization-host-image-update-placeholder@4.3-0.5.el7?arch=noarch" } } }, { "category": "product_version", "name": "imgbased-0:1.1.7-0.1.el7ev.noarch", "product": { "name": "imgbased-0:1.1.7-0.1.el7ev.noarch", "product_id": "imgbased-0:1.1.7-0.1.el7ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/imgbased@1.1.7-0.1.el7ev?arch=noarch" } } }, { "category": "product_version", "name": "python-imgbased-0:1.1.7-0.1.el7ev.noarch", "product": { "name": "python-imgbased-0:1.1.7-0.1.el7ev.noarch", "product_id": "python-imgbased-0:1.1.7-0.1.el7ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/python-imgbased@1.1.7-0.1.el7ev?arch=noarch" } } }, { "category": "product_version", "name": "redhat-virtualization-host-image-update-0:4.3-20190409.0.el7_6.noarch", "product": { "name": "redhat-virtualization-host-image-update-0:4.3-20190409.0.el7_6.noarch", "product_id": "redhat-virtualization-host-image-update-0:4.3-20190409.0.el7_6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/redhat-virtualization-host-image-update@4.3-20190409.0.el7_6?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "redhat-release-virtualization-host-0:4.3-0.5.el7.x86_64", "product": { "name": "redhat-release-virtualization-host-0:4.3-0.5.el7.x86_64", "product_id": "redhat-release-virtualization-host-0:4.3-0.5.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/redhat-release-virtualization-host@4.3-0.5.el7?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "redhat-virtualization-host-0:4.3-20190409.0.el7_6.src as a component of Red Hat Virtualization 4 Hypervisor for RHEL 7", "product_id": "7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3-20190409.0.el7_6.src" }, "product_reference": "redhat-virtualization-host-0:4.3-20190409.0.el7_6.src", "relates_to_product_reference": "7Server-RHEV-4-Hypervisor-7" }, { "category": "default_component_of", "full_product_name": { "name": "redhat-virtualization-host-image-update-0:4.3-20190409.0.el7_6.noarch as a component of Red Hat Virtualization 4 Hypervisor for RHEL 7", "product_id": "7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3-20190409.0.el7_6.noarch" }, "product_reference": "redhat-virtualization-host-image-update-0:4.3-20190409.0.el7_6.noarch", "relates_to_product_reference": "7Server-RHEV-4-Hypervisor-7" }, { "category": "default_component_of", "full_product_name": { "name": "imgbased-0:1.1.7-0.1.el7ev.noarch as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)", "product_id": "7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.7-0.1.el7ev.noarch" }, "product_reference": "imgbased-0:1.1.7-0.1.el7ev.noarch", "relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7" }, { "category": "default_component_of", "full_product_name": { "name": "imgbased-0:1.1.7-0.1.el7ev.src as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)", "product_id": "7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.7-0.1.el7ev.src" }, "product_reference": "imgbased-0:1.1.7-0.1.el7ev.src", "relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-node-ng-0:4.3.0-0.20181213.0.el7ev.src as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)", "product_id": "7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-0:4.3.0-0.20181213.0.el7ev.src" }, "product_reference": "ovirt-node-ng-0:4.3.0-0.20181213.0.el7ev.src", "relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-node-ng-nodectl-0:4.3.0-0.20181213.0.el7ev.noarch as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)", "product_id": "7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-nodectl-0:4.3.0-0.20181213.0.el7ev.noarch" }, "product_reference": "ovirt-node-ng-nodectl-0:4.3.0-0.20181213.0.el7ev.noarch", "relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7" }, { "category": "default_component_of", "full_product_name": { "name": "python-imgbased-0:1.1.7-0.1.el7ev.noarch as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)", "product_id": "7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.1.7-0.1.el7ev.noarch" }, "product_reference": "python-imgbased-0:1.1.7-0.1.el7ev.noarch", "relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7" }, { "category": "default_component_of", "full_product_name": { "name": "python2-ovirt-node-ng-nodectl-0:4.3.0-0.20181213.0.el7ev.noarch as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)", "product_id": "7Server-RHEV-4-HypervisorBuild-7:python2-ovirt-node-ng-nodectl-0:4.3.0-0.20181213.0.el7ev.noarch" }, "product_reference": "python2-ovirt-node-ng-nodectl-0:4.3.0-0.20181213.0.el7ev.noarch", "relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7" }, { "category": "default_component_of", "full_product_name": { "name": "redhat-release-virtualization-host-0:4.3-0.5.el7.src as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)", "product_id": "7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3-0.5.el7.src" }, "product_reference": "redhat-release-virtualization-host-0:4.3-0.5.el7.src", "relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7" }, { "category": "default_component_of", "full_product_name": { "name": "redhat-release-virtualization-host-0:4.3-0.5.el7.x86_64 as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)", "product_id": "7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3-0.5.el7.x86_64" }, "product_reference": "redhat-release-virtualization-host-0:4.3-0.5.el7.x86_64", "relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7" }, { "category": "default_component_of", "full_product_name": { "name": "redhat-virtualization-host-image-update-placeholder-0:4.3-0.5.el7.noarch as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)", "product_id": "7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3-0.5.el7.noarch" }, "product_reference": "redhat-virtualization-host-image-update-placeholder-0:4.3-0.5.el7.noarch", "relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Alejandro Cabrera Aldaya" ], "organization": "Universidad Tecnologica de la Habana CUJAE; Cuba" }, { "names": [ "Billy Bob Brumley", "Cesar Pereida Garcia", "Sohaib ul Hassan" ] }, { "names": [ "Nicola Tuveri" ], "organization": "Tampere University of Technology; Finland" } ], "cve": "CVE-2018-5407", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2018-11-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1645695" } ], "notes": [ { "category": "description", "text": "A microprocessor side-channel vulnerability was found on SMT (e.g, Hyper-Threading) architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)", "title": "Vulnerability summary" }, { "category": "other", "text": "This is a timing side-channel flaw on processors which implement SMT/Hyper-Threading architectures. It can result in leakage of secret data in applications such as OpenSSL that has secret dependent control flow at any granularity level. In order to exploit this flaw, the attacker needs to run a malicious process on the same core of the processor as the victim process.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3-20190409.0.el7_6.src", "7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3-20190409.0.el7_6.noarch", "7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.7-0.1.el7ev.noarch", "7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.7-0.1.el7ev.src", "7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-0:4.3.0-0.20181213.0.el7ev.src", "7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-nodectl-0:4.3.0-0.20181213.0.el7ev.noarch", "7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.1.7-0.1.el7ev.noarch", "7Server-RHEV-4-HypervisorBuild-7:python2-ovirt-node-ng-nodectl-0:4.3.0-0.20181213.0.el7ev.noarch", "7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3-0.5.el7.src", "7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3-0.5.el7.x86_64", "7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3-0.5.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-5407" }, { "category": "external", "summary": "RHBZ#1645695", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-5407", "url": "https://www.cve.org/CVERecord?id=CVE-2018-5407" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407" }, { "category": "external", "summary": "https://github.com/bbbrumley/portsmash", "url": "https://github.com/bbbrumley/portsmash" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20181112.txt", "url": "https://www.openssl.org/news/secadv/20181112.txt" } ], "release_date": "2018-10-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-05-08T12:26:02+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2974891", "product_ids": [ "7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3-20190409.0.el7_6.src", "7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3-20190409.0.el7_6.noarch", "7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.7-0.1.el7ev.noarch", "7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.7-0.1.el7ev.src", "7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-0:4.3.0-0.20181213.0.el7ev.src", "7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-nodectl-0:4.3.0-0.20181213.0.el7ev.noarch", "7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.1.7-0.1.el7ev.noarch", "7Server-RHEV-4-HypervisorBuild-7:python2-ovirt-node-ng-nodectl-0:4.3.0-0.20181213.0.el7ev.noarch", "7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3-0.5.el7.src", "7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3-0.5.el7.x86_64", "7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3-0.5.el7.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHBA-2019:1053" }, { "category": "workaround", "details": "At this time Red Hat Engineering is working on patches for openssl package in Red Hat Enterprise Linux 7 to address this issue. Until fixes are available, users are advised to review the guidance supplied in the L1 Terminal Fault vulnerability article: https://access.redhat.com/security/vulnerabilities/L1TF and decide what their exposure across shared CPU threads are and act accordingly.", "product_ids": [ "7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3-20190409.0.el7_6.src", "7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3-20190409.0.el7_6.noarch", "7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.7-0.1.el7ev.noarch", "7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.7-0.1.el7ev.src", "7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-0:4.3.0-0.20181213.0.el7ev.src", "7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-nodectl-0:4.3.0-0.20181213.0.el7ev.noarch", "7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.1.7-0.1.el7ev.noarch", "7Server-RHEV-4-HypervisorBuild-7:python2-ovirt-node-ng-nodectl-0:4.3.0-0.20181213.0.el7ev.noarch", "7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3-0.5.el7.src", "7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3-0.5.el7.x86_64", "7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3-0.5.el7.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.0" }, "products": [ "7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3-20190409.0.el7_6.src", "7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3-20190409.0.el7_6.noarch", "7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.7-0.1.el7ev.noarch", "7Server-RHEV-4-HypervisorBuild-7:imgbased-0:1.1.7-0.1.el7ev.src", "7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-0:4.3.0-0.20181213.0.el7ev.src", "7Server-RHEV-4-HypervisorBuild-7:ovirt-node-ng-nodectl-0:4.3.0-0.20181213.0.el7ev.noarch", "7Server-RHEV-4-HypervisorBuild-7:python-imgbased-0:1.1.7-0.1.el7ev.noarch", "7Server-RHEV-4-HypervisorBuild-7:python2-ovirt-node-ng-nodectl-0:4.3.0-0.20181213.0.el7ev.noarch", "7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3-0.5.el7.src", "7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3-0.5.el7.x86_64", "7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3-0.5.el7.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)" } ] }
rhsa-2019_3933
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for JBoss Core Services on RHEL 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering.\n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys (CVE-2018-0737)\n* openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734)\n* mod_auth_digest: access control bypass due to race condition (CVE-2019-0217)\n* openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407)\n* mod_session_cookie does not respect expiry time (CVE-2018-17199)\n* mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189)\n* mod_http2: possible crash on late upgrade (CVE-2019-0197)\n* mod_http2: read-after-free on a string compare (CVE-2019-0196)\n* nghttp2: HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511)\n* nghttp2: HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513)\n* mod_http2: HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516)\n* mod_http2: HTTP/2: request for large response leads to denial of service (CVE-2019-9517)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2019:3933", "url": "https://access.redhat.com/errata/RHSA-2019:3933" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1568253", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1568253" }, { "category": "external", "summary": "1644364", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1644364" }, { "category": "external", "summary": "1645695", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695" }, { "category": "external", "summary": "1668493", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668493" }, { "category": "external", "summary": "1668497", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668497" }, { "category": "external", "summary": "1695020", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695020" }, { "category": "external", "summary": "1695030", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695030" }, { "category": "external", "summary": "1695042", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695042" }, { "category": "external", "summary": "1735741", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735741" }, { "category": "external", "summary": "1741860", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741860" }, { "category": "external", "summary": "1741864", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741864" }, { "category": "external", "summary": "1741868", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741868" }, { "category": "external", "summary": "JBCS-798", "url": "https://issues.redhat.com/browse/JBCS-798" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_3933.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 7", "tracking": { "current_release_date": "2024-11-22T12:47:07+00:00", "generator": { "date": "2024-11-22T12:47:07+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2019:3933", "initial_release_date": "2019-11-20T16:14:21+00:00", "revision_history": [ { "date": "2019-11-20T16:14:21+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-01-06T13:04:40+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T12:47:07+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Core Services on RHEL 7 Server", "product": { "name": "Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_core_services:1::el7" } } } ], "category": "product_family", "name": "Red Hat JBoss Core Services" }, { "branches": [ { "category": "product_version", "name": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-jansson@2.11-20.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-jansson-devel@2.11-20.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-jansson-debuginfo@2.11-20.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-63.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-devel@1.6.3-63.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-debuginfo@1.6.3-63.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.1.1-25.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.1.1-25.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.1.1-25.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.1.1-25.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.1.1-25.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.1.1-25.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-48.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-devel@1.6.1-48.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-ldap@1.6.1-48.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-mysql@1.6.1-48.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-nss@1.6.1-48.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-odbc@1.6.1-48.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-openssl@1.6.1-48.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-pgsql@1.6.1-48.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-sqlite@1.6.1-48.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-debuginfo@1.6.1-48.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-brotli@1.0.6-7.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-brotli-devel@1.0.6-7.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-brotli-debuginfo@1.0.6-7.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.39.2-4.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-devel@1.39.2-4.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-debuginfo@1.39.2-4.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-curl@7.64.1-14.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl@7.64.1-14.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-libcurl-devel@7.64.1-14.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-curl-debuginfo@7.64.1-14.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.37-33.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.37-33.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.37-33.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.37-33.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.37-33.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_md@2.4.37-33.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.37-33.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.37-33.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.37-33.jbcs.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.37-33.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24@1.2.46-22.redhat_1.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-manual@1.2.46-22.redhat_1.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-debuginfo@1.2.46-22.redhat_1.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.12-9.Final_redhat_2.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native-debuginfo@1.3.12-9.Final_redhat_2.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.2-16.GA.jbcs.el7?arch=x86_64" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64", "product": { "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64", "product_id": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security-debuginfo@2.9.2-16.GA.jbcs.el7?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src", "product": { "name": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src", "product_id": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-jansson@2.11-20.jbcs.el7?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src", "product": { "name": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src", "product_id": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-63.jbcs.el7?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src", "product": { "name": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src", "product_id": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.1.1-25.jbcs.el7?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src", "product": { "name": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src", "product_id": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-48.jbcs.el7?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src", "product": { "name": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src", "product_id": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-brotli@1.0.6-7.jbcs.el7?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src", "product": { "name": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src", "product_id": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.39.2-4.jbcs.el7?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src", "product": { "name": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src", "product_id": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-curl@7.64.1-14.jbcs.el7?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src", "product": { "name": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src", "product_id": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.37-33.jbcs.el7?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src", "product": { "name": "jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src", "product_id": "jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk@1.2.46-22.redhat_1.jbcs.el7?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src", "product": { "name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src", "product_id": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.12-9.Final_redhat_2.jbcs.el7?arch=src" } } }, { "category": "product_version", "name": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src", "product": { "name": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src", "product_id": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.2-16.GA.jbcs.el7?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch", "product": { "name": "jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch", "product_id": "jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-manual@2.4.37-33.jbcs.el7?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src" }, "product_reference": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src" }, "product_reference": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src" }, "product_reference": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src" }, "product_reference": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src" }, "product_reference": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch" }, "product_reference": "jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src" }, "product_reference": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src" }, "product_reference": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src" }, "product_reference": "jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src" }, "product_reference": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src" }, "product_reference": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src" }, "product_reference": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" }, { "category": "default_component_of", "full_product_name": { "name": "jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server", "product_id": "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64" }, "product_reference": "jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64", "relates_to_product_reference": "7Server-JBCS" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-0734", "cwe": { "id": "CWE-385", "name": "Covert Timing Channel" }, "discovery_date": "2018-10-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1644364" } ], "notes": [ { "category": "description", "text": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: timing side channel attack in the DSA signature algorithm", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-0734" }, { "category": "external", "summary": "RHBZ#1644364", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1644364" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-0734", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0734" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-0734", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0734" } ], "release_date": "2018-10-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-11-20T16:14:21+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3933" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "openssl: timing side channel attack in the DSA signature algorithm" }, { "cve": "CVE-2018-0737", "cwe": { "id": "CWE-385", "name": "Covert Timing Channel" }, "discovery_date": "2018-04-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1568253" } ], "notes": [ { "category": "description", "text": "OpenSSL RSA key generation was found to be vulnerable to cache side-channel attacks. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover parts of the private key.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-0737" }, { "category": "external", "summary": "RHBZ#1568253", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1568253" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-0737", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0737" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-0737", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0737" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2018/04/16/3", "url": "http://www.openwall.com/lists/oss-security/2018/04/16/3" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20180416.txt", "url": "https://www.openssl.org/news/secadv/20180416.txt" } ], "release_date": "2018-04-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-11-20T16:14:21+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3933" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys" }, { "acknowledgments": [ { "names": [ "Alejandro Cabrera Aldaya" ], "organization": "Universidad Tecnologica de la Habana CUJAE; Cuba" }, { "names": [ "Billy Bob Brumley", "Cesar Pereida Garcia", "Sohaib ul Hassan" ] }, { "names": [ "Nicola Tuveri" ], "organization": "Tampere University of Technology; Finland" } ], "cve": "CVE-2018-5407", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2018-11-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1645695" } ], "notes": [ { "category": "description", "text": "A microprocessor side-channel vulnerability was found on SMT (e.g, Hyper-Threading) architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)", "title": "Vulnerability summary" }, { "category": "other", "text": "This is a timing side-channel flaw on processors which implement SMT/Hyper-Threading architectures. It can result in leakage of secret data in applications such as OpenSSL that has secret dependent control flow at any granularity level. In order to exploit this flaw, the attacker needs to run a malicious process on the same core of the processor as the victim process.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-5407" }, { "category": "external", "summary": "RHBZ#1645695", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-5407", "url": "https://www.cve.org/CVERecord?id=CVE-2018-5407" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407" }, { "category": "external", "summary": "https://github.com/bbbrumley/portsmash", "url": "https://github.com/bbbrumley/portsmash" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20181112.txt", "url": "https://www.openssl.org/news/secadv/20181112.txt" } ], "release_date": "2018-10-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-11-20T16:14:21+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3933" }, { "category": "workaround", "details": "At this time Red Hat Engineering is working on patches for openssl package in Red Hat Enterprise Linux 7 to address this issue. Until fixes are available, users are advised to review the guidance supplied in the L1 Terminal Fault vulnerability article: https://access.redhat.com/security/vulnerabilities/L1TF and decide what their exposure across shared CPU threads are and act accordingly.", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.0" }, "products": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)" }, { "cve": "CVE-2018-17189", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2019-01-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1668497" } ], "notes": [ { "category": "description", "text": "In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_http2: DoS via slow, unneeded request bodies", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-17189" }, { "category": "external", "summary": "RHBZ#1668497", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668497" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-17189", "url": "https://www.cve.org/CVERecord?id=CVE-2018-17189" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-17189", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17189" } ], "release_date": "2019-01-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-11-20T16:14:21+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3933" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "httpd: mod_http2: DoS via slow, unneeded request bodies" }, { "cve": "CVE-2018-17199", "cwe": { "id": "CWE-613", "name": "Insufficient Session Expiration" }, "discovery_date": "2019-01-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1668493" } ], "notes": [ { "category": "description", "text": "In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_session_cookie does not respect expiry time", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-17199" }, { "category": "external", "summary": "RHBZ#1668493", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668493" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-17199", "url": "https://www.cve.org/CVERecord?id=CVE-2018-17199" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-17199", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17199" } ], "release_date": "2019-01-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-11-20T16:14:21+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3933" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: mod_session_cookie does not respect expiry time" }, { "cve": "CVE-2019-0196", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2019-04-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1695030" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_http2: read-after-free on a string compare", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-0196" }, { "category": "external", "summary": "RHBZ#1695030", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695030" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-0196", "url": "https://www.cve.org/CVERecord?id=CVE-2019-0196" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0196", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0196" }, { "category": "external", "summary": "http://www.apache.org/dist/httpd/CHANGES_2.4", "url": "http://www.apache.org/dist/httpd/CHANGES_2.4" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2019-04-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-11-20T16:14:21+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3933" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "httpd: mod_http2: read-after-free on a string compare" }, { "cve": "CVE-2019-0197", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2019-04-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1695042" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set \"H2Upgrade on\" are unaffected by this issue.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_http2: possible crash on late upgrade", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-0197" }, { "category": "external", "summary": "RHBZ#1695042", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695042" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-0197", "url": "https://www.cve.org/CVERecord?id=CVE-2019-0197" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0197", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0197" }, { "category": "external", "summary": "http://www.apache.org/dist/httpd/CHANGES_2.4", "url": "http://www.apache.org/dist/httpd/CHANGES_2.4" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2019-02-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-11-20T16:14:21+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3933" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.0" }, "products": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "httpd: mod_http2: possible crash on late upgrade" }, { "cve": "CVE-2019-0217", "cwe": { "id": "CWE-284", "name": "Improper Access Control" }, "discovery_date": "2019-04-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1695020" } ], "notes": [ { "category": "description", "text": "A race condition was found in mod_auth_digest when the web server was running in a threaded MPM configuration. It could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_auth_digest: access control bypass due to race condition", "title": "Vulnerability summary" }, { "category": "other", "text": "Based on the the fact that digest authentication is rarely used in modern day web applications and httpd package shipped with Red Hat products do not ship threaded MPM configuration by default, this flaw has been rated as having Moderate level security impact. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This flaw has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-0217" }, { "category": "external", "summary": "RHBZ#1695020", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695020" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-0217", "url": "https://www.cve.org/CVERecord?id=CVE-2019-0217" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0217", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0217" }, { "category": "external", "summary": "http://www.apache.org/dist/httpd/CHANGES_2.4", "url": "http://www.apache.org/dist/httpd/CHANGES_2.4" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2019-04-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-11-20T16:14:21+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3933" }, { "category": "workaround", "details": "This flaw only affects a threaded server configuration, so using the prefork MPM is an effective mitigation. In versions of httpd package shipped with Red Hat Enterprise Linux 7, the prefork MPM is the default configuration.", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" }, "products": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: mod_auth_digest: access control bypass due to race condition" }, { "cve": "CVE-2019-9511", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2019-08-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1741860" } ], "notes": [ { "category": "description", "text": "A flaw was found in HTTP/2. An attacker can request a large amount of data by manipulating window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this queue can consume excess CPU, memory, or both, leading to a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "HTTP/2: large amount of data requests leads to denial of service", "title": "Vulnerability summary" }, { "category": "other", "text": "There are no mitigations available for nghttp2 and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-9511" }, { "category": "external", "summary": "RHBZ#1741860", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741860" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-9511", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9511" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9511", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9511" }, { "category": "external", "summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md" }, { "category": "external", "summary": "https://kb.cert.org/vuls/id/605641/", "url": "https://kb.cert.org/vuls/id/605641/" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/" }, { "category": "external", "summary": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/", "url": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/" } ], "release_date": "2019-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-11-20T16:14:21+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3933" }, { "category": "workaround", "details": "Red Hat Quay 3.0 uses Nginx 1.12 from Red Hat Software Collections. It will be updated once a fixed is released for Software Collections. In the meantime users of Quay can disable http/2 support in Nginx by following these instructions:\n\n1. Copy the Nginx configuration from the quay container to the host\n$ docker cp 3aadf1421ba3:/quay-registry/conf/nginx/ /mnt/quay/nginx\n\n2. Edit the Nginx configuration, removing http/2 support\n$ sed -i \u0027s/http2 //g\u0027 /mnt/quay/nginx/nginx.conf\n\n3. Restart Nginx with the new configuration mounted into the container, eg:\n$ docker run --restart=always -p 443:8443 -p 80:8080 --sysctl net.core.somaxconn=4096 -v /mnt/quay/config:/conf/stack:Z -v /mnt/quay/storage:/datastorage -v /mnt/quay/nginx:/quay-registry/config/nginx:Z -d quay.io/redhat/quay:v3.0.3", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "HTTP/2: large amount of data requests leads to denial of service" }, { "acknowledgments": [ { "names": [ "the Envoy security team" ] } ], "cve": "CVE-2019-9513", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2019-08-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1735741" } ], "notes": [ { "category": "description", "text": "A flaw was found in HTTP/2. An attacker, using PRIORITY frames to flood the system, could cause excessive CPU usage and starvation of other clients. The largest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "HTTP/2: flood using PRIORITY frames results in excessive resource consumption", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw has no available mitigation for packages nghttp2 and nodejs. Both packages will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-9513" }, { "category": "external", "summary": "RHBZ#1735741", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735741" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-9513", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9513" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9513", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9513" }, { "category": "external", "summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md" }, { "category": "external", "summary": "https://nghttp2.org/blog/2019/08/19/nghttp2-v1-39-2/", "url": "https://nghttp2.org/blog/2019/08/19/nghttp2-v1-39-2/" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/" }, { "category": "external", "summary": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/", "url": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/" } ], "release_date": "2019-08-13T17:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-11-20T16:14:21+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3933" }, { "category": "workaround", "details": "Red Hat Quay 3.0 uses Nginx 1.12 from Red Hat Software Collections. It will be updated once a fixed is released for Software Collections. In the meantime users of Quay can disable http/2 support in Nginx by following these instructions:\n\n1. Copy the Nginx configuration from the quay container to the host\n$ docker cp 3aadf1421ba3:/quay-registry/conf/nginx/ /mnt/quay/nginx\n\n2. Edit the Nginx configuration, removing http/2 support\n$ sed -i \u0027s/http2 //g\u0027 /mnt/quay/nginx/nginx.conf\n\n3. Restart Nginx with the new configuration mounted into the container, eg:\n$ docker run --restart=always -p 443:8443 -p 80:8080 --sysctl net.core.somaxconn=4096 -v /mnt/quay/config:/conf/stack:Z -v /mnt/quay/storage:/datastorage -v /mnt/quay/nginx:/quay-registry/config/nginx:Z -d quay.io/redhat/quay:v3.0.3", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "HTTP/2: flood using PRIORITY frames results in excessive resource consumption" }, { "cve": "CVE-2019-9516", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2019-08-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1741864" } ], "notes": [ { "category": "description", "text": "A flaw was found in HTTP/2. An attacker, sending a stream of header with a 0-length header name and a 0-length header value, could cause some implementations to allocate memory for these headers and keep the allocations alive until the session dies. The can consume excess memory, potentially leading to a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "HTTP/2: 0-length headers lead to denial of service", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw has no available mitigation for nodejs package. It will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-9516" }, { "category": "external", "summary": "RHBZ#1741864", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741864" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-9516", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9516" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9516", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9516" }, { "category": "external", "summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md" }, { "category": "external", "summary": "https://github.com/nghttp2/nghttp2/issues/1382#", "url": "https://github.com/nghttp2/nghttp2/issues/1382#" }, { "category": "external", "summary": "https://kb.cert.org/vuls/id/605641/", "url": "https://kb.cert.org/vuls/id/605641/" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/" }, { "category": "external", "summary": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/", "url": "https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/" } ], "release_date": "2019-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-11-20T16:14:21+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3933" }, { "category": "workaround", "details": "Red Hat Quay 3.0 uses Nginx 1.12 from Red Hat Software Collections. It will be updated once a fixed is released for Software Collections. In the meantime users of Quay can disable http/2 support in Nginx by following these instructions:\n\n1. Copy the Nginx configuration from the quay container to the host\n$ docker cp 3aadf1421ba3:/quay-registry/conf/nginx/ /mnt/quay/nginx\n\n2. Edit the Nginx configuration, removing http/2 support\n$ sed -i \u0027s/http2 //g\u0027 /mnt/quay/nginx/nginx.conf\n\n3. Restart Nginx with the new configuration mounted into the container, eg:\n$ docker run --restart=always -p 443:8443 -p 80:8080 --sysctl net.core.somaxconn=4096 -v /mnt/quay/config:/conf/stack:Z -v /mnt/quay/storage:/datastorage -v /mnt/quay/nginx:/quay-registry/config/nginx:Z -d quay.io/redhat/quay:v3.0.3", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "HTTP/2: 0-length headers lead to denial of service" }, { "cve": "CVE-2019-9517", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2019-08-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1741868" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in HTTP/2. An attacker can open a HTTP/2 window so the peer can send without constraint. The TCP window remains closed so the peer cannot write the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the server\u0027s queue is setup, the responses can consume excess memory, CPU, or both, potentially leading to a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "HTTP/2: request for large response leads to denial of service", "title": "Vulnerability summary" }, { "category": "other", "text": "The package httpd versions as shipped with Red Hat Enterprise Linux 5, 6 and 7 are not affected by this issue as HTTP/2 support is not provided.\nThis flaw has no available mitigation for nodejs package. It will be updated once the available fixes are released for Red Hat Enterprise Linux and Red Hat Software Collections.\n\nThe nodejs RPM shipped in OpenShift Container Platform 3.9 and 3.10 is not affected by this flaw as it does not contain the vulnerable code.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-9517" }, { "category": "external", "summary": "RHBZ#1741868", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741868" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-9517", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9517" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9517", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9517" }, { "category": "external", "summary": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md" }, { "category": "external", "summary": "https://kb.cert.org/vuls/id/605641/", "url": "https://kb.cert.org/vuls/id/605641/" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/" } ], "release_date": "2019-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2019-11-20T16:14:21+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2019:3933" }, { "category": "workaround", "details": "The httpd version shipped with Red Hat Enterprise Linux 8 provides HTTP/2 support through mod_http2 package. While mod_http2 package is not updated, users can disable HTTP/2 support as mitigation action by executing the following steps:\n\n1. Stop httpd service:\n$ systemctl stop httpd\n\n2. Remove http/2 protocol support from configuration files:\n$ sed -i \u0027s/\\(h2\\)\\|\\(h2c\\)//g\u0027 \u003chttpd_config_file\u003e\n\n3. Validate configuration files to make sure all syntax is valid:\n$ apachectl configtest\n\n4. Restart httpd service:\n$ systemctl start httpd", "product_ids": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-63.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-48.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-brotli-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-debuginfo-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-brotli-devel-0:1.0.6-7.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-curl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-curl-debuginfo-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.37-33.jbcs.el7.noarch", "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-jansson-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-debuginfo-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-jansson-devel-0:2.11-20.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-libcurl-devel-0:7.64.1-14.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.12-9.Final_redhat_2.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-22.redhat_1.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-22.redhat_1.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_md-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-mod_security-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_security-debuginfo-0:2.9.2-16.GA.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.37-33.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.39.2-4.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.src", "7Server-JBCS:jbcs-httpd24-openssl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.1.1-25.jbcs.el7.x86_64", "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.1.1-25.jbcs.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "HTTP/2: request for large response leads to denial of service" } ] }
wid-sec-w-2023-1594
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "IBM Tivoli Network Manager ist eine Netzanalysesoftware f\u00fcr das Management komplexer Netze. Diese Software erfasst und verteilt Layer-2- und Layer-3-Netzdaten.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in IBM Tivoli Network Manager ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- UNIX\n- Linux\n- Windows\n- Sonstiges", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-1594 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1594.json" }, { "category": "self", "summary": "WID-SEC-2023-1594 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1594" }, { "category": "external", "summary": "IBM Security Advisory vom 2023-06-28", "url": "https://www.ibm.com/support/pages/node/885316" }, { "category": "external", "summary": "IBM Security Advisory vom 2023-06-28", "url": "https://www.ibm.com/support/pages/node/884276" }, { "category": "external", "summary": "IBM Security Advisory vom 2023-06-28", "url": "https://www.ibm.com/support/pages/node/883428" }, { "category": "external", "summary": "IBM Security Advisory vom 2023-06-28", "url": "https://www.ibm.com/support/pages/node/883424" }, { "category": "external", "summary": "IBM Security Advisory vom 2023-06-28", "url": "https://www.ibm.com/support/pages/node/882926" }, { "category": "external", "summary": "IBM Security Advisory vom 2023-06-28", "url": "https://www.ibm.com/support/pages/node/882898" }, { "category": "external", "summary": "IBM Security Advisory vom 2023-06-28", "url": "https://www.ibm.com/support/pages/node/882888" }, { "category": "external", "summary": "IBM Security Advisory vom 2023-06-28", "url": "https://www.ibm.com/support/pages/node/880403" }, { "category": "external", "summary": "IBM Security Advisory vom 2023-06-28", "url": "https://www.ibm.com/support/pages/node/880401" }, { "category": "external", "summary": "IBM Security Advisory vom 2023-06-28", "url": "https://www.ibm.com/support/pages/node/880395" }, { "category": "external", "summary": "IBM Security Advisory vom 2023-06-28", "url": "https://www.ibm.com/support/pages/node/879855" }, { "category": "external", "summary": "IBM Security Advisory vom 2023-06-28", "url": "https://www.ibm.com/support/pages/node/879841" }, { "category": "external", "summary": "IBM Security Advisory vom 2023-06-28", "url": "https://www.ibm.com/support/pages/node/870546" }, { "category": "external", "summary": "IBM Security Advisory vom 2023-06-28", "url": "https://www.ibm.com/support/pages/node/870526" }, { "category": "external", "summary": "IBM Security Advisory vom 2023-06-28", "url": "https://www.ibm.com/support/pages/node/870508" }, { "category": "external", "summary": "IBM Security Advisory vom 2023-06-28", "url": "https://www.ibm.com/support/pages/node/870504" }, { "category": "external", "summary": "IBM Security Advisory vom 2023-06-28", "url": "https://www.ibm.com/support/pages/node/870500" }, { "category": "external", "summary": "IBM Security Advisory vom 2023-06-28", "url": "https://www.ibm.com/support/pages/node/870498" }, { "category": "external", "summary": "IBM Security Advisory vom 2023-06-28", "url": "https://www.ibm.com/support/pages/node/743933" }, { "category": "external", "summary": "IBM Security Advisory vom 2023-06-28", "url": "https://www.ibm.com/support/pages/node/739297" }, { "category": "external", "summary": "IBM Security Advisory vom 2023-06-28", "url": "https://www.ibm.com/support/pages/node/739271" }, { "category": "external", "summary": "IBM Security Advisory vom 2023-06-28", "url": "https://www.ibm.com/support/pages/node/739249" }, { "category": "external", "summary": "IBM Security Advisory vom 2023-06-28", "url": "https://www.ibm.com/support/pages/node/739247" }, { "category": "external", "summary": "IBM Security Advisory vom 2023-06-28", "url": "https://www.ibm.com/support/pages/node/739245" }, { "category": "external", "summary": "IBM Security Advisory vom 2023-06-28", "url": "https://www.ibm.com/support/pages/node/739243" }, { "category": "external", "summary": "IBM Security Advisory vom 2023-06-28", "url": "https://www.ibm.com/support/pages/node/738231" }, { "category": "external", "summary": "IBM Security Advisory vom 2023-06-28", "url": "https://www.ibm.com/support/pages/node/731931" }, { "category": "external", "summary": "IBM Security Advisory vom 2023-06-28", "url": "https://www.ibm.com/support/pages/node/730883" }, { "category": "external", "summary": "IBM Security Advisory vom 2023-06-28", "url": "https://www.ibm.com/support/pages/node/730871" }, { "category": "external", "summary": "IBM Security Advisory vom 2023-06-28", "url": "https://www.ibm.com/support/pages/node/730845" }, { "category": "external", "summary": "IBM Security Advisory vom 2023-06-28", "url": "https://www.ibm.com/support/pages/node/730835" }, { "category": "external", "summary": "IBM Security Advisory vom 2023-06-28", "url": "https://www.ibm.com/support/pages/node/730171" }, { "category": "external", "summary": "IBM Security Advisory vom 2023-06-28", "url": "https://www.ibm.com/support/pages/node/720307" }, { "category": "external", "summary": "IBM Security Advisory vom 2023-06-28", "url": "https://www.ibm.com/support/pages/node/720283" }, { "category": "external", "summary": "IBM Security Advisory vom 2023-06-28", "url": "https://www.ibm.com/support/pages/node/720265" }, { "category": "external", "summary": "IBM Security Advisory vom 2023-06-28", "url": "https://www.ibm.com/support/pages/node/718745" }, { "category": "external", "summary": "IBM Security Advisory vom 2023-06-28", "url": "https://www.ibm.com/support/pages/node/717345" }, { "category": "external", "summary": "IBM Security Advisory vom 2023-06-28", "url": "https://www.ibm.com/support/pages/node/717335" }, { "category": "external", "summary": "IBM Security Advisory vom 2023-06-28", "url": "https://www.ibm.com/support/pages/node/717327" }, { "category": "external", "summary": "IBM Security Advisory vom 2023-06-28", "url": "https://www.ibm.com/support/pages/node/717007" }, { "category": "external", "summary": "IBM Security Advisory vom 2023-06-28", "url": "https://www.ibm.com/support/pages/node/716573" }, { "category": "external", "summary": "IBM Security Advisory vom 2023-06-28", "url": "https://www.ibm.com/support/pages/node/712213" }, { "category": "external", "summary": "IBM Security Advisory vom 2023-06-28", "url": "https://www.ibm.com/support/pages/node/712199" }, { "category": "external", "summary": "IBM Security Advisory vom 2023-06-28", "url": "https://www.ibm.com/support/pages/node/570557" }, { "category": "external", "summary": "IBM Security Advisory vom 2023-06-28", "url": "https://www.ibm.com/support/pages/node/569765" }, { "category": "external", "summary": "IBM Security Advisory vom 2023-06-28", "url": "https://www.ibm.com/support/pages/node/569727" }, { "category": "external", "summary": "IBM Security Advisory vom 2023-06-28", "url": "https://www.ibm.com/support/pages/node/569717" }, { "category": "external", "summary": "IBM Security Advisory vom 2023-06-28", "url": "https://www.ibm.com/support/pages/node/305321" }, { "category": "external", "summary": "IBM Security Advisory vom 2023-06-28", "url": "https://www.ibm.com/support/pages/node/304091" }, { "category": "external", "summary": "IBM Security Advisory vom 2023-06-28", "url": "https://www.ibm.com/support/pages/node/304089" }, { "category": "external", "summary": "IBM Security Advisory vom 2023-06-28", "url": "https://www.ibm.com/support/pages/node/303663" }, { "category": "external", "summary": "IBM Security Advisory vom 2023-06-28", "url": "https://www.ibm.com/support/pages/node/303657" } ], "source_lang": "en-US", "title": "IBM Tivoli Network Manager: Mehrere Schwachstellen", "tracking": { "current_release_date": "2023-06-28T22:00:00.000+00:00", "generator": { "date": "2024-08-15T17:53:31.776+00:00", "engine": { "name": "BSI-WID", "version": "1.3.5" } }, "id": "WID-SEC-W-2023-1594", "initial_release_date": "2023-06-28T22:00:00.000+00:00", "revision_history": [ { "date": "2023-06-28T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "IBM Tivoli Network Manager IP Edition \u003c 3.9 Fix Pack 5", "product": { "name": "IBM Tivoli Network Manager IP Edition \u003c 3.9 Fix Pack 5", "product_id": "T028343", "product_identification_helper": { "cpe": "cpe:/a:ibm:tivoli_network_manager:ip_edition__3.9_fix_pack_5" } } }, { "category": "product_name", "name": "IBM Tivoli Network Manager IP Edition \u003c 3.9", "product": { "name": "IBM Tivoli Network Manager IP Edition \u003c 3.9", "product_id": "T028344", "product_identification_helper": { "cpe": "cpe:/a:ibm:tivoli_network_manager:ip_edition__3.9" } } }, { "category": "product_name", "name": "IBM Tivoli Network Manager IP Edition \u003c 4.1.1", "product": { "name": "IBM Tivoli Network Manager IP Edition \u003c 4.1.1", "product_id": "T028345", "product_identification_helper": { "cpe": "cpe:/a:ibm:tivoli_network_manager:ip_edition__4.1.1" } } }, { "category": "product_name", "name": "IBM Tivoli Network Manager IP Edition \u003c 4.2", "product": { "name": "IBM Tivoli Network Manager IP Edition \u003c 4.2", "product_id": "T028346", "product_identification_helper": { "cpe": "cpe:/a:ibm:tivoli_network_manager:ip_edition__4.2" } } }, { "category": "product_name", "name": "IBM Tivoli Network Manager IP Edition \u003c 3.9.0.4", "product": { "name": "IBM Tivoli Network Manager IP Edition \u003c 3.9.0.4", "product_id": "T028347", "product_identification_helper": { "cpe": "cpe:/a:ibm:tivoli_network_manager:ip_edition__3.9.0.4" } } }, { "category": "product_name", "name": "IBM Tivoli Network Manager IP Edition \u003c 3.9.0.5", "product": { "name": "IBM Tivoli Network Manager IP Edition \u003c 3.9.0.5", "product_id": "T028348", "product_identification_helper": { "cpe": "cpe:/a:ibm:tivoli_network_manager:ip_edition__3.9.0.5" } } }, { "category": "product_name", "name": "IBM Tivoli Network Manager IP Edition \u003c 3.9 Fix Pack 4", "product": { "name": "IBM Tivoli Network Manager IP Edition \u003c 3.9 Fix Pack 4", "product_id": "T028349", "product_identification_helper": { "cpe": "cpe:/a:ibm:tivoli_network_manager:ip_edition__3.9_fix_pack_4" } } } ], "category": "product_name", "name": "Tivoli Network Manager" } ], "category": "vendor", "name": "IBM" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-4046", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2019-4046" }, { "cve": "CVE-2019-4030", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2019-4030" }, { "cve": "CVE-2019-2684", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2019-2684" }, { "cve": "CVE-2019-2602", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2019-2602" }, { "cve": "CVE-2019-2537", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2019-2537" }, { "cve": "CVE-2019-2534", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2019-2534" }, { "cve": "CVE-2019-2531", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2019-2531" }, { "cve": "CVE-2019-2529", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2019-2529" }, { "cve": "CVE-2019-2503", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2019-2503" }, { "cve": "CVE-2019-2482", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2019-2482" }, { "cve": "CVE-2019-2481", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2019-2481" }, { "cve": "CVE-2019-2455", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2019-2455" }, { "cve": "CVE-2019-1559", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2019-1559" }, { "cve": "CVE-2019-0220", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2019-0220" }, { "cve": "CVE-2018-8039", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-8039" }, { "cve": "CVE-2018-5407", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-5407" }, { "cve": "CVE-2018-3282", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-3282" }, { "cve": "CVE-2018-3278", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-3278" }, { "cve": "CVE-2018-3276", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-3276" }, { "cve": "CVE-2018-3251", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-3251" }, { "cve": "CVE-2018-3247", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-3247" }, { "cve": "CVE-2018-3174", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-3174" }, { "cve": "CVE-2018-3156", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-3156" }, { "cve": "CVE-2018-3143", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-3143" }, { "cve": "CVE-2018-3123", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-3123" }, { "cve": "CVE-2018-3084", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-3084" }, { "cve": "CVE-2018-3082", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-3082" }, { "cve": "CVE-2018-3081", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-3081" }, { "cve": "CVE-2018-3080", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-3080" }, { "cve": "CVE-2018-3079", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-3079" }, { "cve": "CVE-2018-3078", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-3078" }, { "cve": "CVE-2018-3077", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-3077" }, { "cve": "CVE-2018-3075", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-3075" }, { "cve": "CVE-2018-3074", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-3074" }, { "cve": "CVE-2018-3073", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-3073" }, { "cve": "CVE-2018-3071", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-3071" }, { "cve": "CVE-2018-3070", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-3070" }, { "cve": "CVE-2018-3067", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-3067" }, { "cve": "CVE-2018-3066", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-3066" }, { "cve": "CVE-2018-3065", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-3065" }, { "cve": "CVE-2018-3064", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-3064" }, { "cve": "CVE-2018-3063", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-3063" }, { "cve": "CVE-2018-3062", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-3062" }, { "cve": "CVE-2018-3061", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-3061" }, { "cve": "CVE-2018-3060", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-3060" }, { "cve": "CVE-2018-3058", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-3058" }, { "cve": "CVE-2018-3056", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-3056" }, { "cve": "CVE-2018-3054", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-3054" }, { "cve": "CVE-2018-2877", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-2877" }, { "cve": "CVE-2018-2846", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-2846" }, { "cve": "CVE-2018-2839", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-2839" }, { "cve": "CVE-2018-2819", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-2819" }, { "cve": "CVE-2018-2818", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-2818" }, { "cve": "CVE-2018-2817", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-2817" }, { "cve": "CVE-2018-2816", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-2816" }, { "cve": "CVE-2018-2813", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-2813" }, { "cve": "CVE-2018-2812", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-2812" }, { "cve": "CVE-2018-2810", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-2810" }, { "cve": "CVE-2018-2805", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-2805" }, { "cve": "CVE-2018-2787", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-2787" }, { "cve": "CVE-2018-2786", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-2786" }, { "cve": "CVE-2018-2784", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-2784" }, { "cve": "CVE-2018-2782", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-2782" }, { "cve": "CVE-2018-2781", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-2781" }, { "cve": "CVE-2018-2780", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-2780" }, { "cve": "CVE-2018-2779", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-2779" }, { "cve": "CVE-2018-2778", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-2778" }, { "cve": "CVE-2018-2777", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-2777" }, { "cve": "CVE-2018-2776", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-2776" }, { "cve": "CVE-2018-2775", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-2775" }, { "cve": "CVE-2018-2773", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-2773" }, { "cve": "CVE-2018-2771", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-2771" }, { "cve": "CVE-2018-2769", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-2769" }, { "cve": "CVE-2018-2766", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-2766" }, { "cve": "CVE-2018-2762", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-2762" }, { "cve": "CVE-2018-2761", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-2761" }, { "cve": "CVE-2018-2759", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-2759" }, { "cve": "CVE-2018-2758", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-2758" }, { "cve": "CVE-2018-2755", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-2755" }, { "cve": "CVE-2018-2598", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-2598" }, { "cve": "CVE-2018-1996", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-1996" }, { "cve": "CVE-2018-1926", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-1926" }, { "cve": "CVE-2018-1904", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-1904" }, { "cve": "CVE-2018-1902", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-1902" }, { "cve": "CVE-2018-1901", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-1901" }, { "cve": "CVE-2018-1798", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-1798" }, { "cve": "CVE-2018-1797", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-1797" }, { "cve": "CVE-2018-1794", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-1794" }, { "cve": "CVE-2018-1793", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-1793" }, { "cve": "CVE-2018-1777", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-1777" }, { "cve": "CVE-2018-1770", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-1770" }, { "cve": "CVE-2018-1767", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-1767" }, { "cve": "CVE-2018-1719", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-1719" }, { "cve": "CVE-2018-1695", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-1695" }, { "cve": "CVE-2018-1656", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-1656" }, { "cve": "CVE-2018-1643", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-1643" }, { "cve": "CVE-2018-1621", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-1621" }, { "cve": "CVE-2018-1614", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-1614" }, { "cve": "CVE-2018-1567", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-1567" }, { "cve": "CVE-2018-1447", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-1447" }, { "cve": "CVE-2018-1428", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-1428" }, { "cve": "CVE-2018-1427", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-1427" }, { "cve": "CVE-2018-1426", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-1426" }, { "cve": "CVE-2018-1301", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-1301" }, { "cve": "CVE-2018-12539", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-12539" }, { "cve": "CVE-2018-10237", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-10237" }, { "cve": "CVE-2018-0734", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-0734" }, { "cve": "CVE-2018-0732", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2018-0732" }, { "cve": "CVE-2017-9798", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2017-9798" }, { "cve": "CVE-2017-3738", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2017-3738" }, { "cve": "CVE-2017-3737", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2017-3737" }, { "cve": "CVE-2017-3736", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2017-3736" }, { "cve": "CVE-2017-3735", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2017-3735" }, { "cve": "CVE-2017-3732", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2017-3732" }, { "cve": "CVE-2017-1743", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2017-1743" }, { "cve": "CVE-2017-1741", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2017-1741" }, { "cve": "CVE-2017-1731", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2017-1731" }, { "cve": "CVE-2017-1681", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2017-1681" }, { "cve": "CVE-2017-15715", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2017-15715" }, { "cve": "CVE-2017-15710", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2017-15710" }, { "cve": "CVE-2017-12624", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2017-12624" }, { "cve": "CVE-2017-12618", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2017-12618" }, { "cve": "CVE-2017-12613", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2017-12613" }, { "cve": "CVE-2016-0705", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2016-0705" }, { "cve": "CVE-2016-0702", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2016-0702" }, { "cve": "CVE-2016-0701", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2016-0701" }, { "cve": "CVE-2015-0899", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2015-0899" }, { "cve": "CVE-2014-7810", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2014-7810" }, { "cve": "CVE-2012-5783", "notes": [ { "category": "description", "text": "In IBM Tivoli Network Manager existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in den Komponenten OpenSSL, Apache CXF, Apache HTTPD, Oracle MySQL, Apache Commons, Apache Struts, IBM GSKit, Java SDK, Eclipse OpenJ9 und SAML. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien auszuweiten, Daten zu manipulieren, nicht spezifizierte Auswirkungen zu verursachen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Berechtigungen." } ], "release_date": "2023-06-28T22:00:00.000+00:00", "title": "CVE-2012-5783" } ] }
wid-sec-w-2022-0517
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux ausnutzen, um dadurch die Integrit\u00e4t, Vertraulichkeit und Verf\u00fcgbarkeit zu gef\u00e4hrden.", "title": "Angriff" }, { "category": "general", "text": "- Linux", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2022-0517 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2019/wid-sec-w-2022-0517.json" }, { "category": "self", "summary": "WID-SEC-2022-0517 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0517" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2019:2332 vom 2019-08-06", "url": "https://access.redhat.com/errata/RHSA-2019:2332" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2019:2336 vom 2019-08-06", "url": "https://access.redhat.com/errata/RHSA-2019:2336" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2019:2308 vom 2019-08-06", "url": "https://access.redhat.com/errata/RHSA-2019:2308" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2019:2285 vom 2019-08-06", "url": "https://access.redhat.com/errata/RHSA-2019:2285" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2019:2290 vom 2019-08-06", "url": "https://access.redhat.com/errata/RHSA-2019:2290" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2019:2280 vom 2019-08-06", "url": "https://access.redhat.com/errata/RHSA-2019:2280" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2019:2283 vom 2019-08-06", "url": "https://access.redhat.com/errata/RHSA-2019:2283" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2019:2272 vom 2019-08-06", "url": "https://access.redhat.com/errata/RHSA-2019:2272" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2019:2276 vom 2019-08-06", "url": "https://access.redhat.com/errata/RHSA-2019:2276" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2019:2258 vom 2019-08-06", "url": "https://access.redhat.com/errata/RHSA-2019:2258" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2019:2229 vom 2019-08-06", "url": "https://access.redhat.com/errata/RHSA-2019:2229" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2019:2237 vom 2019-08-06", "url": "https://access.redhat.com/errata/RHSA-2019:2237" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2019:2196 vom 2019-08-06", "url": "https://access.redhat.com/errata/RHSA-2019:2196" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2019:2197 vom 2019-08-06", "url": "https://access.redhat.com/errata/RHSA-2019:2197" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2019:2189 vom 2019-08-06", "url": "https://access.redhat.com/errata/RHSA-2019:2189" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2019:2177 vom 2019-08-06", "url": "https://access.redhat.com/errata/RHSA-2019:2177" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2019:2178 vom 2019-08-06", "url": "https://access.redhat.com/errata/RHSA-2019:2178" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2019:2162 vom 2019-08-06", "url": "https://access.redhat.com/errata/RHSA-2019:2162" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2019:2157 vom 2019-08-06", "url": "https://access.redhat.com/errata/RHSA-2019:2157" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2019:2137 vom 2019-08-06", "url": "https://access.redhat.com/errata/RHSA-2019:2137" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2019:2125 vom 2019-08-06", "url": "https://access.redhat.com/errata/RHSA-2019:2125" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2019:2126 vom 2019-08-06", "url": "https://access.redhat.com/errata/RHSA-2019:2126" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2019:2112 vom 2019-08-06", "url": "https://access.redhat.com/errata/RHSA-2019:2112" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2019:2101 vom 2019-08-06", "url": "https://access.redhat.com/errata/RHSA-2019:2101" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2019:2075 vom 2019-08-06", "url": "https://access.redhat.com/errata/RHSA-2019:2075" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2019:2049 vom 2019-08-06", "url": "https://access.redhat.com/errata/RHSA-2019:2049" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2019:2052 vom 2019-08-06", "url": "https://access.redhat.com/errata/RHSA-2019:2052" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2019:2047 vom 2019-08-06", "url": "https://access.redhat.com/errata/RHSA-2019:2047" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2019:2048 vom 2019-08-06", "url": "https://access.redhat.com/errata/RHSA-2019:2048" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2019:2035 vom 2019-08-06", "url": "https://access.redhat.com/errata/RHSA-2019:2035" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2019:2037 vom 2019-08-06", "url": "https://access.redhat.com/errata/RHSA-2019:2037" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2019:2017 vom 2019-08-06", "url": "https://access.redhat.com/errata/RHSA-2019:2017" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2020:0471 vom 2020-02-11", "url": "https://access.redhat.com/errata/RHSA-2020:0471" }, { "category": "external", "summary": "CentOS Security Advisory CESA-2020:0471 vom 2020-02-11", "url": "http://centos-announce.2309468.n4.nabble.com/CentOS-announce-CESA-2020-0471-Moderate-CentOS-6-spice-gtk-Security-Update-tp4645840.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2019:2437 vom 2019-08-12", "url": "https://access.redhat.com/errata/RHSA-2019:2437" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2019-2285 vom 2019-08-14", "url": "http://linux.oracle.com/errata/ELSA-2019-2285.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2019-2052 vom 2019-08-14", "url": "http://linux.oracle.com/errata/ELSA-2019-2052.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2019-2258 vom 2019-08-14", "url": "http://linux.oracle.com/errata/ELSA-2019-2258.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2019-2178 vom 2019-08-14", "url": "http://linux.oracle.com/errata/ELSA-2019-2178.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2019-2229 vom 2019-08-14", "url": "http://linux.oracle.com/errata/ELSA-2019-2229.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2019-2177 vom 2019-08-16", "url": "http://linux.oracle.com/errata/ELSA-2019-2177.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2019-2283 vom 2019-08-19", "url": "http://linux.oracle.com/errata/ELSA-2019-2283.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2019-2189 vom 2019-08-21", "url": "http://linux.oracle.com/errata/ELSA-2019-2189.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2019-2280 vom 2019-08-21", "url": "http://linux.oracle.com/errata/ELSA-2019-2280.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2019-2332 vom 2019-08-21", "url": "http://linux.oracle.com/errata/ELSA-2019-2332.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2019:2267-1 vom 2019-09-02", "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192267-1.html" }, { "category": "external", "summary": "CentOS Security Advisory CESA-2019:2101 vom 2019-09-18", "url": "http://centos-announce.2309468.n4.nabble.com/CentOS-announce-CESA-2019-2101-Low-CentOS-7-exiv2-Security-Update-tp4645686.html" }, { "category": "external", "summary": "CentOS Security Advisory CESA-2019:2258 vom 2019-09-18", "url": "http://centos-announce.2309468.n4.nabble.com/CentOS-announce-CESA-2019-2258-Moderate-CentOS-7-http-parser-Security-Update-tp4645679.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2019:2730-1 vom 2019-10-22", "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192730-1.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2019:2750-1 vom 2019-10-23", "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192750-1.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2019:3338 vom 2019-11-05", "url": "https://access.redhat.com/errata/RHSA-2019:3338" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2019:3651 vom 2019-11-05", "url": "https://access.redhat.com/errata/RHSA-2019:3651" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2019:3575 vom 2019-11-05", "url": "https://access.redhat.com/errata/RHSA-2019:3575" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2019:3583 vom 2019-11-06", "url": "https://access.redhat.com/errata/RHSA-2019:3583" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2019:3590 vom 2019-11-05", "url": "https://access.redhat.com/errata/RHSA-2019:3590" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2019:3345 vom 2019-11-06", "url": "https://access.redhat.com/errata/RHSA-2019:3345" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2019:3497 vom 2019-11-05", "url": "https://access.redhat.com/errata/RHSA-2019:3497" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2019:3335 vom 2019-11-05", "url": "https://access.redhat.com/errata/RHSA-2019:3335" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2019:3705 vom 2019-11-05", "url": "https://access.redhat.com/errata/RHSA-2019:3705" }, { "category": "external", "summary": "AVAYA Security Advisory ASA-2019-209 vom 2019-12-22", "url": "https://downloads.avaya.com/css/P8/documents/101060434" }, { "category": "external", "summary": "AVAYA Security Advisory ASA-2019-205 vom 2019-12-22", "url": "https://downloads.avaya.com/css/P8/documents/101060432" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2020:0595 vom 2020-02-25", "url": "https://access.redhat.com/errata/RHSA-2020:0595" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2020:0555-1 vom 2020-03-02", "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200555-1.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2020:0850 vom 2020-03-17", "url": "https://access.redhat.com/errata/RHSA-2020:0850" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2020:0851 vom 2020-03-17", "url": "https://access.redhat.com/errata/RHSA-2020:0851" }, { "category": "external", "summary": "CentOS Security Advisory CESA-2020:0851 vom 2020-03-25", "url": "http://centos-announce.2309468.n4.nabble.com/CentOS-announce-CESA-2020-0851-Moderate-CentOS-7-python-virtualenv-Security-Update-tp4645882.html" }, { "category": "external", "summary": "CentOS Security Advisory CESA-2020:0850 vom 2020-03-25", "url": "http://centos-announce.2309468.n4.nabble.com/CentOS-announce-CESA-2020-0850-Moderate-CentOS-7-python-pip-Security-Update-tp4645865.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2020:1265 vom 2020-04-01", "url": "https://access.redhat.com/errata/RHSA-2020:1265" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2020:0921-1 vom 2020-04-04", "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200921-1.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2020:1471 vom 2020-04-14", "url": "https://access.redhat.com/errata/RHSA-2020:1471" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2020:1464 vom 2020-04-14", "url": "https://access.redhat.com/errata/RHSA-2020:1464" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2020:1461 vom 2020-04-14", "url": "https://access.redhat.com/errata/RHSA-2020:1461" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2020:1577 vom 2020-04-28", "url": "https://access.redhat.com/errata/RHSA-2020:1577" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2020:1916 vom 2020-04-28", "url": "https://access.redhat.com/errata/RHSA-2020:1916" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2020:1605 vom 2020-04-28", "url": "https://access.redhat.com/errata/RHSA-2020:1605" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2020:2068 vom 2020-05-12", "url": "https://access.redhat.com/errata/RHSA-2020:2068" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2020:2081 vom 2020-05-12", "url": "https://access.redhat.com/errata/RHSA-2020:2081" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2020:1792-1 vom 2020-06-26", "url": "http://lists.suse.com/pipermail/sle-security-updates/2020-June/007049.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2020:3194 vom 2020-07-28", "url": "https://access.redhat.com/errata/RHSA-2020:3194" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2020:2711-1 vom 2020-09-22", "url": "http://lists.suse.com/pipermail/sle-security-updates/2020-September/007450.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2020:2942-1 vom 2020-10-16", "url": "http://lists.suse.com/pipermail/sle-security-updates/2020-October/007582.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2020:4999 vom 2020-11-10", "url": "https://access.redhat.com/errata/RHSA-2020:4999" }, { "category": "external", "summary": "Debian Security Advisory DLA-2470 vom 2020-12-01", "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2020:3842-1 vom 2020-12-16", "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-December/008077.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2020:3841-1 vom 2020-12-16", "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-December/008078.html" }, { "category": "external", "summary": "F5 Security Advisory K00409335 vom 2020-12-29", "url": "https://support.f5.com/csp/article/K00409335?utm_source=f5support\u0026utm_medium=RSS" }, { "category": "external", "summary": "Debian Security Advisory DLA-2645 vom 2021-04-29", "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html" }, { "category": "external", "summary": "Gentoo Linux Security Advisory GLSA-202107-15 vom 2021-07-08", "url": "https://www.cybersecurity-help.cz/vdb/SB2021070803" }, { "category": "external", "summary": "Debian Security Advisory DLA-2802 vom 2021-10-31", "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00030.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2022:1819-1 vom 2022-05-23", "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-May/011137.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2022:1448-1 vom 2022-04-28", "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-April/010858.html" }, { "category": "external", "summary": "Ubuntu Security Notice USN-5497-1 vom 2022-06-30", "url": "https://ubuntu.com/security/notices/USN-5497-1" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2022:2614-1 vom 2022-08-01", "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-August/011724.html" }, { "category": "external", "summary": "Ubuntu Security Notice USN-5553-1 vom 2022-08-08", "url": "https://ubuntu.com/security/notices/USN-5553-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-5631-1 vom 2022-09-22", "url": "https://ubuntu.com/security/notices/USN-5631-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-5671-1 vom 2022-10-12", "url": "https://ubuntu.com/security/notices/USN-5671-1" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2022:4252-1 vom 2022-11-28", "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013131.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS-2023-1939 vom 2023-02-22", "url": "https://alas.aws.amazon.com/AL2/ALAS-2023-1939.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS-2023-1940 vom 2023-02-22", "url": "https://alas.aws.amazon.com/AL2/ALAS-2023-1940.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2023-6980 vom 2023-11-21", "url": "https://linux.oracle.com/errata/ELSA-2023-6980.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2024-12605 vom 2024-09-02", "url": "https://linux.oracle.com/errata/ELSA-2024-12605.html" } ], "source_lang": "en-US", "title": "Red Hat Enterprise Linux: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-09-02T22:00:00.000+00:00", "generator": { "date": "2024-09-03T08:16:21.549+00:00", "engine": { "name": "BSI-WID", "version": "1.3.6" } }, "id": "WID-SEC-W-2022-0517", "initial_release_date": "2019-08-06T22:00:00.000+00:00", "revision_history": [ { "date": "2019-08-06T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2019-08-12T22:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2019-08-13T22:00:00.000+00:00", "number": "3", "summary": "Neue Updates von Oracle Linux aufgenommen" }, { "date": "2019-08-18T22:00:00.000+00:00", "number": "4", "summary": "Neue Updates von Oracle Linux aufgenommen" }, { "date": "2019-08-19T22:00:00.000+00:00", "number": "5", "summary": "Neue Updates von Oracle Linux aufgenommen" }, { "date": "2019-08-21T22:00:00.000+00:00", "number": "6", "summary": "Neue Updates von Oracle Linux aufgenommen" }, { "date": "2019-09-02T22:00:00.000+00:00", "number": "7", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2019-09-18T22:00:00.000+00:00", "number": "8", "summary": "Neue Updates von CentOS aufgenommen" }, { "date": "2019-10-09T22:00:00.000+00:00", "number": "9", "summary": "Referenz(en) aufgenommen: SUSE-SU-2019:1487-2" }, { "date": "2019-10-15T22:00:00.000+00:00", "number": "10", "summary": "Referenz(en) aufgenommen: FEDORA-2019-7B06F18A10, FEDORA-2019-A25D5DF3B4, FEDORA-2019-23638D42F3" }, { "date": "2019-10-21T22:00:00.000+00:00", "number": "11", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2019-10-23T22:00:00.000+00:00", "number": "12", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2019-11-05T23:00:00.000+00:00", "number": "13", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2019-12-22T23:00:00.000+00:00", "number": "14", "summary": "Neue Updates von AVAYA aufgenommen" }, { "date": "2020-01-30T23:00:00.000+00:00", "number": "15", "summary": "Referenz(en) aufgenommen: FEDORA-2020-CB7B7181A0, FEDORA-2020-1DFAA1963B" }, { "date": "2020-02-10T23:00:00.000+00:00", "number": "16", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2020-02-11T23:00:00.000+00:00", "number": "17", "summary": "Neue Updates von CentOS aufgenommen" }, { "date": "2020-02-24T23:00:00.000+00:00", "number": "18", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2020-03-02T23:00:00.000+00:00", "number": "19", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2020-03-17T23:00:00.000+00:00", "number": "20", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2020-03-25T23:00:00.000+00:00", "number": "21", "summary": "Neue Updates von CentOS aufgenommen" }, { "date": "2020-03-31T22:00:00.000+00:00", "number": "22", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2020-04-05T22:00:00.000+00:00", "number": "23", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2020-04-14T22:00:00.000+00:00", "number": "24", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2020-04-28T22:00:00.000+00:00", "number": "25", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2020-05-03T22:00:00.000+00:00", "number": "26", "summary": "Referenz(en) aufgenommen: USN-4349-1" }, { "date": "2020-05-12T22:00:00.000+00:00", "number": "27", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2020-06-28T22:00:00.000+00:00", "number": "28", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2020-07-28T22:00:00.000+00:00", "number": "29", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2020-09-22T22:00:00.000+00:00", "number": "30", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2020-10-18T22:00:00.000+00:00", "number": "31", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2020-11-09T23:00:00.000+00:00", "number": "32", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2020-11-30T23:00:00.000+00:00", "number": "33", "summary": "Neue Updates von Debian aufgenommen" }, { "date": "2020-12-16T23:00:00.000+00:00", "number": "34", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2020-12-28T23:00:00.000+00:00", "number": "35", "summary": "Neue Updates von F5 aufgenommen" }, { "date": "2021-04-29T22:00:00.000+00:00", "number": "36", "summary": "Neue Updates von Debian aufgenommen" }, { "date": "2021-07-07T22:00:00.000+00:00", "number": "37", "summary": "Neue Updates von Gentoo aufgenommen" }, { "date": "2021-09-08T22:00:00.000+00:00", "number": "38", "summary": "Referenz(en) aufgenommen: USN-5067-1" }, { "date": "2021-10-31T23:00:00.000+00:00", "number": "39", "summary": "Neue Updates von Debian aufgenommen" }, { "date": "2022-04-28T22:00:00.000+00:00", "number": "40", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2022-05-23T22:00:00.000+00:00", "number": "41", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2022-06-30T22:00:00.000+00:00", "number": "42", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2022-08-01T22:00:00.000+00:00", "number": "43", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2022-08-08T22:00:00.000+00:00", "number": "44", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2022-09-22T22:00:00.000+00:00", "number": "45", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2022-10-11T22:00:00.000+00:00", "number": "46", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2022-11-28T23:00:00.000+00:00", "number": "47", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2023-02-22T23:00:00.000+00:00", "number": "48", "summary": "Neue Updates von Amazon aufgenommen" }, { "date": "2023-11-21T23:00:00.000+00:00", "number": "49", "summary": "Neue Updates von Oracle Linux aufgenommen" }, { "date": "2024-09-02T22:00:00.000+00:00", "number": "50", "summary": "Neue Updates von Oracle Linux aufgenommen" } ], "status": "final", "version": "50" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Amazon Linux 2", "product": { "name": "Amazon Linux 2", "product_id": "398363", "product_identification_helper": { "cpe": "cpe:/o:amazon:linux_2:-" } } } ], "category": "vendor", "name": "Amazon" }, { "branches": [ { "category": "product_name", "name": "Debian Linux", "product": { "name": "Debian Linux", "product_id": "2951", "product_identification_helper": { "cpe": "cpe:/o:debian:debian_linux:-" } } } ], "category": "vendor", "name": "Debian" }, { "branches": [ { "category": "product_name", "name": "F5 BIG-IP", "product": { "name": "F5 BIG-IP", "product_id": "T001663", "product_identification_helper": { "cpe": "cpe:/a:f5:big-ip:-" } } } ], "category": "vendor", "name": "F5" }, { "branches": [ { "category": "product_name", "name": "Gentoo Linux", "product": { "name": "Gentoo Linux", "product_id": "T012167", "product_identification_helper": { "cpe": "cpe:/o:gentoo:linux:-" } } } ], "category": "vendor", "name": "Gentoo" }, { "branches": [ { "category": "product_name", "name": "Open Source CentOS", "product": { "name": "Open Source CentOS", "product_id": "1727", "product_identification_helper": { "cpe": "cpe:/o:centos:centos:-" } } } ], "category": "vendor", "name": "Open Source" }, { "branches": [ { "category": "product_name", "name": "Oracle Linux", "product": { "name": "Oracle Linux", "product_id": "T004914", "product_identification_helper": { "cpe": "cpe:/o:oracle:linux:-" } } } ], "category": "vendor", "name": "Oracle" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "7", "product": { "name": "Red Hat Enterprise Linux 7", "product_id": "T006054", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7" } } } ], "category": "product_name", "name": "Enterprise Linux" } ], "category": "vendor", "name": "Red Hat" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux", "product": { "name": "SUSE Linux", "product_id": "T002207", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_linux:-" } } } ], "category": "vendor", "name": "SUSE" }, { "branches": [ { "category": "product_name", "name": "Ubuntu Linux", "product": { "name": "Ubuntu Linux", "product_id": "T000126", "product_identification_helper": { "cpe": "cpe:/o:canonical:ubuntu_linux:-" } } } ], "category": "vendor", "name": "Ubuntu" } ] }, "vulnerabilities": [ { "cve": "CVE-2016-3616", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2016-3616" }, { "cve": "CVE-2017-15111", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2017-15111" }, { "cve": "CVE-2017-15112", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2017-15112" }, { "cve": "CVE-2017-17724", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2017-17724" }, { "cve": "CVE-2017-18189", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2017-18189" }, { "cve": "CVE-2017-18233", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2017-18233" }, { "cve": "CVE-2017-18234", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2017-18234" }, { "cve": "CVE-2017-18236", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2017-18236" }, { "cve": "CVE-2017-18238", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2017-18238" }, { "cve": "CVE-2017-5731", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2017-5731" }, { "cve": "CVE-2017-5732", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2017-5732" }, { "cve": "CVE-2017-5733", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2017-5733" }, { "cve": "CVE-2017-5734", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2017-5734" }, { "cve": "CVE-2017-5735", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2017-5735" }, { "cve": "CVE-2017-6059", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2017-6059" }, { "cve": "CVE-2017-6413", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2017-6413" }, { "cve": "CVE-2018-0495", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-0495" }, { "cve": "CVE-2018-1000132", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-1000132" }, { "cve": "CVE-2018-1000852", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-1000852" }, { "cve": "CVE-2018-1000876", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-1000876" }, { "cve": "CVE-2018-10689", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-10689" }, { "cve": "CVE-2018-10772", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-10772" }, { "cve": "CVE-2018-10893", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-10893" }, { "cve": "CVE-2018-10958", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-10958" }, { "cve": "CVE-2018-10998", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-10998" }, { "cve": "CVE-2018-11037", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-11037" }, { "cve": "CVE-2018-11212", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-11212" }, { "cve": "CVE-2018-11213", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-11213" }, { "cve": "CVE-2018-11214", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-11214" }, { "cve": "CVE-2018-1122", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-1122" }, { "cve": "CVE-2018-11813", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-11813" }, { "cve": "CVE-2018-12121", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-12121" }, { "cve": "CVE-2018-12181", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-12181" }, { "cve": "CVE-2018-12264", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-12264" }, { "cve": "CVE-2018-12265", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-12265" }, { "cve": "CVE-2018-12404", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-12404" }, { "cve": "CVE-2018-12641", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-12641" }, { "cve": "CVE-2018-12697", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-12697" }, { "cve": "CVE-2018-13259", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-13259" }, { "cve": "CVE-2018-13346", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-13346" }, { "cve": "CVE-2018-13347", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-13347" }, { "cve": "CVE-2018-14046", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-14046" }, { "cve": "CVE-2018-14348", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-14348" }, { "cve": "CVE-2018-14498", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-14498" }, { "cve": "CVE-2018-16062", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-16062" }, { "cve": "CVE-2018-16402", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-16402" }, { "cve": "CVE-2018-16403", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-16403" }, { "cve": "CVE-2018-16548", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-16548" }, { "cve": "CVE-2018-16838", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-16838" }, { "cve": "CVE-2018-17282", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-17282" }, { "cve": "CVE-2018-17336", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-17336" }, { "cve": "CVE-2018-17581", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-17581" }, { "cve": "CVE-2018-18074", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-18074" }, { "cve": "CVE-2018-18310", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-18310" }, { "cve": "CVE-2018-18520", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-18520" }, { "cve": "CVE-2018-18521", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-18521" }, { "cve": "CVE-2018-18584", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-18584" }, { "cve": "CVE-2018-18585", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-18585" }, { "cve": "CVE-2018-18915", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-18915" }, { "cve": "CVE-2018-19044", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-19044" }, { "cve": "CVE-2018-19107", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-19107" }, { "cve": "CVE-2018-19108", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-19108" }, { "cve": "CVE-2018-19198", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-19198" }, { "cve": "CVE-2018-19199", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-19199" }, { "cve": "CVE-2018-19208", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-19208" }, { "cve": "CVE-2018-19535", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-19535" }, { "cve": "CVE-2018-19607", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-19607" }, { "cve": "CVE-2018-20060", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-20060" }, { "cve": "CVE-2018-20096", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-20096" }, { "cve": "CVE-2018-20097", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-20097" }, { "cve": "CVE-2018-20098", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-20098" }, { "cve": "CVE-2018-20099", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-20099" }, { "cve": "CVE-2018-20532", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-20532" }, { "cve": "CVE-2018-20533", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-20533" }, { "cve": "CVE-2018-20534", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-20534" }, { "cve": "CVE-2018-3613", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-3613" }, { "cve": "CVE-2018-5407", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-5407" }, { "cve": "CVE-2018-6541", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-6541" }, { "cve": "CVE-2018-7159", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-7159" }, { "cve": "CVE-2018-7409", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-7409" }, { "cve": "CVE-2018-7485", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-7485" }, { "cve": "CVE-2018-7730", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-7730" }, { "cve": "CVE-2018-8976", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-8976" }, { "cve": "CVE-2018-8977", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-8977" }, { "cve": "CVE-2018-9305", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2018-9305" }, { "cve": "CVE-2019-0160", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2019-0160" }, { "cve": "CVE-2019-0161", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2019-0161" }, { "cve": "CVE-2019-10153", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2019-10153" }, { "cve": "CVE-2019-10192", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2019-10192" }, { "cve": "CVE-2019-10193", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2019-10193" }, { "cve": "CVE-2019-11236", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2019-11236" }, { "cve": "CVE-2019-3811", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2019-3811" }, { "cve": "CVE-2019-7149", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2019-7149" }, { "cve": "CVE-2019-7150", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2019-7150" }, { "cve": "CVE-2019-7664", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2019-7664" }, { "cve": "CVE-2019-7665", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2019-7665" }, { "cve": "CVE-2019-8379", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2019-8379" }, { "cve": "CVE-2019-8383", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2019-8383" }, { "cve": "CVE-2019-9755", "notes": [ { "category": "description", "text": "Im Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten Advancecomp, unixODBC, libguestfs-winsupport, keepalived, libsolv, uriparser, sox, python-urllib3, mercurial, http-parser, spice-gtk, nss, nss-softokn, nss-util, nspr, zziplib, elfutils, procps-ng, redis, sssd, udisks2, blktrace, freerdp, keycloak-httpd-client-install, ovmf, libwpd, mod_auth_openidc, exiv2, binutils, libmspack, libjpeg-turbo, libcgroup, exempi, python-requests, fence-agents und zsh. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Aufgrund der Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "2951", "T002207", "T000126", "T001663", "398363", "T012167", "1727", "T004914", "T006054" ] }, "release_date": "2019-08-06T22:00:00.000+00:00", "title": "CVE-2019-9755" } ] }
gsd-2018-5407
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2018-5407", "description": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on \u0027port contention\u0027.", "id": "GSD-2018-5407", "references": [ "https://www.suse.com/security/cve/CVE-2018-5407.html", "https://www.debian.org/security/2018/dsa-4355", "https://www.debian.org/security/2018/dsa-4348", "https://access.redhat.com/errata/RHSA-2019:3935", "https://access.redhat.com/errata/RHSA-2019:3933", "https://access.redhat.com/errata/RHSA-2019:3932", "https://access.redhat.com/errata/RHSA-2019:3931", "https://access.redhat.com/errata/RHSA-2019:3929", "https://access.redhat.com/errata/RHSA-2019:2125", "https://access.redhat.com/errata/RHBA-2019:1088", "https://access.redhat.com/errata/RHBA-2019:1053", "https://access.redhat.com/errata/RHSA-2019:0483", "https://ubuntu.com/security/CVE-2018-5407", "https://advisories.mageia.org/CVE-2018-5407.html", "https://security.archlinux.org/CVE-2018-5407", "https://alas.aws.amazon.com/cve/html/CVE-2018-5407.html", "https://linux.oracle.com/cve/CVE-2018-5407.html", "https://packetstormsecurity.com/files/cve/CVE-2018-5407" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2018-5407" ], "details": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on \u0027port contention\u0027.", "id": "GSD-2018-5407", "modified": "2023-12-13T01:22:40.039977Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2018-5407", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Processors supporting Simultaneous Multi-Threading", "version": { "version_data": [ { "version_value": "N/A" } ] } } ] }, "vendor_name": "N/A" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on \u0027port contention\u0027." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-200" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2019:0483", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:0483" }, { "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "refsource": "CONFIRM", "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { "name": "https://security.netapp.com/advisory/ntap-20181126-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20181126-0001/" }, { "name": "USN-3840-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3840-1/" }, { "name": "DSA-4355", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4355" }, { "name": "https://www.tenable.com/security/tns-2018-17", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/tns-2018-17" }, { "name": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", "refsource": "CONFIRM", "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/" }, { "name": "GLSA-201903-10", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201903-10" }, { "name": "https://www.tenable.com/security/tns-2018-16", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/tns-2018-16" }, { "name": "45785", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/45785/" }, { "name": "[debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html" }, { "name": "https://github.com/bbbrumley/portsmash", "refsource": "MISC", "url": "https://github.com/bbbrumley/portsmash" }, { "name": "DSA-4348", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4348" }, { "name": "105897", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105897" }, { "name": "https://eprint.iacr.org/2018/1060.pdf", "refsource": "MISC", "url": "https://eprint.iacr.org/2018/1060.pdf" }, { "name": "RHSA-2019:0651", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:0651" }, { "name": "RHSA-2019:0652", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:0652" }, { "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "name": "RHSA-2019:2125", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2125" }, { "name": "https://support.f5.com/csp/article/K49711130?utm_source=f5support\u0026amp;utm_medium=RSS", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K49711130?utm_source=f5support\u0026amp;utm_medium=RSS" }, { "name": "RHSA-2019:3929", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3929" }, { "name": "RHSA-2019:3933", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3933" }, { "name": "RHSA-2019:3931", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3931" }, { "name": "RHSA-2019:3935", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3935" }, { "name": "RHSA-2019:3932", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3932" }, { "name": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.14.4", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.11.4", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.9.0", "versionStartIncluding": "10.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.1.0i", "versionStartIncluding": "1.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.0.2q", "versionStartIncluding": "1.0.2", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.1.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_backup:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "3.12.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_backup:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.1.2", "versionStartIncluding": "3.12.4", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12", "versionStartIncluding": "17.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:8.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:application_server:0.9.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:application_server:1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:application_server:1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:tuxedo:12.1.1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2018-5407" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on \u0027port contention\u0027." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-203" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/bbbrumley/portsmash", "refsource": "MISC", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/bbbrumley/portsmash" }, { "name": "https://eprint.iacr.org/2018/1060.pdf", "refsource": "MISC", "tags": [ "Technical Description", "Third Party Advisory" ], "url": "https://eprint.iacr.org/2018/1060.pdf" }, { "name": "45785", "refsource": "EXPLOIT-DB", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/45785/" }, { "name": "105897", "refsource": "BID", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105897" }, { "name": "[debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html" }, { "name": "https://security.netapp.com/advisory/ntap-20181126-0001/", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20181126-0001/" }, { "name": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/" }, { "name": "DSA-4348", "refsource": "DEBIAN", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4348" }, { "name": "USN-3840-1", "refsource": "UBUNTU", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3840-1/" }, { "name": "DSA-4355", "refsource": "DEBIAN", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4355" }, { "name": "https://www.tenable.com/security/tns-2018-17", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://www.tenable.com/security/tns-2018-17" }, { "name": "https://www.tenable.com/security/tns-2018-16", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://www.tenable.com/security/tns-2018-16" }, { "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "refsource": "CONFIRM", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { "name": "GLSA-201903-10", "refsource": "GENTOO", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201903-10" }, { "name": "RHSA-2019:0483", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:0483" }, { "name": "RHSA-2019:0652", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:0652" }, { "name": "RHSA-2019:0651", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:0651" }, { "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "refsource": "MISC", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "refsource": "MISC", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "name": "RHSA-2019:2125", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:2125" }, { "name": "https://support.f5.com/csp/article/K49711130?utm_source=f5support\u0026amp;utm_medium=RSS", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://support.f5.com/csp/article/K49711130?utm_source=f5support\u0026amp;utm_medium=RSS" }, { "name": "RHSA-2019:3929", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3929" }, { "name": "RHSA-2019:3935", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3935" }, { "name": "RHSA-2019:3933", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3933" }, { "name": "RHSA-2019:3931", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3931" }, { "name": "RHSA-2019:3932", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:3932" }, { "name": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "name": "N/A", "refsource": "N/A", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.0, "impactScore": 3.6 } }, "lastModifiedDate": "2020-09-18T16:58Z", "publishedDate": "2018-11-15T21:29Z" } } }
var-201811-0912
Vulnerability from variot
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. An information disclosure vulnerability exists in OpenSSL. This vulnerability stems from configuration errors in network systems or products during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information of the affected components. OpenSSL Security Advisory [12 November 2018]
Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407)
Severity: Low
OpenSSL ECC scalar multiplication, used in e.g. ECDSA and ECDH, has been shown to be vulnerable to a microarchitecture timing side channel attack. An attacker with sufficient access to mount local timing attacks during ECDSA signature generation could recover the private key.
This issue does not impact OpenSSL 1.1.1 and is already fixed in the latest version of OpenSSL 1.1.0 (1.1.0i). OpenSSL 1.0.2 is affected but due to the low severity of this issue we are not creating a new release at this time. The 1.0.2 mitigation for this issue can be found in commit b18162a7c.
OpenSSL 1.1.0 users should upgrade to 1.1.0i.
This issue was reported to OpenSSL on 26th October 2018 by Alejandro Cabrera Aldaya, Billy Brumley, Sohaib ul Hassan, Cesar Pereida Garcia and Nicola Tuveri.
Note
OpenSSL 1.1.0 is currently only receiving security updates. Support for this version will end on 11th September 2019. Users of this version should upgrade to OpenSSL 1.1.1.
References
URL for this Security Advisory: https://www.openssl.org/news/secadv/20181112.txt
Note: the online version of the advisory may be updated with additional details over time.
For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
[slackware-security] openssl (SSA:2018-325-01)
New openssl packages are available for Slackware 14.2 and -current to fix security issues.
Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.2q-i586-1_slack14.2.txz: Upgraded. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734 ( Security fix ) patches/packages/openssl-solibs-1.0.2q-i586-1_slack14.2.txz: Upgraded. +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1u-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1u-i486-1_slack14.0.txz
Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1u-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1u-x86_64-1_slack14.0.txz
Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1u-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1u-i486-1_slack14.1.txz
Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1u-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1u-x86_64-1_slack14.1.txz
Updated packages for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-1.0.2q-i586-1_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-solibs-1.0.2q-i586-1_slack14.2.txz
Updated packages for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-1.0.2q-x86_64-1_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-solibs-1.0.2q-x86_64-1_slack14.2.txz
Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.1.1a-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.1.1a-i586-1.txz
Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.1.1a-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.1.1a-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 14.0 packages: e6d4b3a76383f9f253da4128ba23f269 openssl-1.0.1u-i486-1_slack14.0.txz c61d31a1751ae39af89d3fee0b54f0d8 openssl-solibs-1.0.1u-i486-1_slack14.0.txz
Slackware x86_64 14.0 packages: 96be19e6a96c9beb5d3bbc55348fb483 openssl-1.0.1u-x86_64-1_slack14.0.txz b7a8fa2ebd16c8ae106fc1267bc29eca openssl-solibs-1.0.1u-x86_64-1_slack14.0.txz
Slackware 14.1 packages: 099b960e62eaea5d1a639a61a2fabca7 openssl-1.0.1u-i486-1_slack14.1.txz b5d5219e05db97f63c4d6c389d6884fb openssl-solibs-1.0.1u-i486-1_slack14.1.txz
Slackware x86_64 14.1 packages: fc96c87d76c9d1efd1290ac847fa7c7c openssl-1.0.1u-x86_64-1_slack14.1.txz e873b66f84f45ea34d028a3d524ce573 openssl-solibs-1.0.1u-x86_64-1_slack14.1.txz
Slackware 14.2 packages: d5f0cc19451e9c7e3967820cf02a20c6 openssl-1.0.2q-i586-1_slack14.2.txz 594ca80447baecd608a51083b12a26d9 openssl-solibs-1.0.2q-i586-1_slack14.2.txz
Slackware x86_64 14.2 packages: 943bb2f3259ccf97a1b8b25f5f511c30 openssl-1.0.2q-x86_64-1_slack14.2.txz 0d45afe2487c47b283c06902c56e4559 openssl-solibs-1.0.2q-x86_64-1_slack14.2.txz
Slackware -current packages: 6f01f6dd0f40a12e473320386cfc8536 a/openssl-solibs-1.1.1a-i586-1.txz 6e5a2ab2475a0d851376d12911b3c6b7 n/openssl-1.1.1a-i586-1.txz
Slackware x86_64 -current packages: eb4697703f1f4b81ad38e9247ab70dac a/openssl-solibs-1.1.1a-x86_64-1.txz 12a10fd6bd2344b3e73106c8d5b9828c n/openssl-1.1.1a-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the packages as root:
upgradepkg openssl-1.0.2q-i586-1_slack14.2.txz openssl-solibs-1.0.2q-i586-1_slack14.2.txz
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. Solution:
For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/ index.html
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. Bugs fixed (https://bugzilla.redhat.com/):
1645695 - CVE-2018-5407 openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) 1683804 - CVE-2019-1559 openssl: 0-byte record padding oracle 1713275 - CVE-2019-0221 tomcat: XSS in SSI printenv 1723708 - CVE-2019-10072 tomcat: HTTP/2 connection window exhaustion on write, incomplete fix of CVE-2019-0199
For the stable distribution (stretch), these problems have been fixed in version 1.1.0j-1~deb9u1.
For the detailed security status of openssl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openssl
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlwBuAcACgkQEMKTtsN8 TjZbBw/+MOB5+pZbCHHXyH3IeD+yj+tSPvmNc3SCwdEtUxGXr0ZX7TKHfaLs/8s6 Udto0K8a1FvjrcUQCfhnFpNcSAv9pxX13Fr6Pd560miIfAu9/5jAqiCufCoiz+xj 45LNJGlaxxaFjgBGCitZSJA0Fc4SM6v5XFyJfR3kChdQ/3kGQbbMNAp16Fy3ZsxJ VXwviomUxmmmdvjxyhifTIpuwr9OiJSQ+13etQjTDQ3pzSbLBPSOxmpV0vPIC7I2 Dwa4zuQXA/DF4G6l8T4rXCwCN4e4pwbTc8bbCjXeZK+iVAhnRD6wXlS3cc5IVAzx /qTa89LZU8B6ylcB6nodeAHLuZTC3Le8ndoxYz5S2/jHZMM/jCQNHYJemHWNbOqn q+e5W0D1fIVLiLoL/iHW5XhN6yJY2Ma7zjXMRBnkzJA9CTNIKgUjrSFz0Ud+wIM/ u8QhNPwZ0hPd5IfSgIyWqmuQ5XzFYqAQvwT1gUJiK7tIvuT0VsSyKVaSZVbi4yrM 9sxkZaP1UNLcTVCFw6A0KFwhb9z6kQtyH1MRkFPphmnb8jlHA3cTdPJkFUBi3VaT 7izThm5/mVLbAjZ8X7nkqnzWzmc885j0ml3slDd/MOVWB5CD3vFAcI8k3VZr3A61 P2gNSN6UbAbLMGsxgs3hYUHgazi7MdXJ/aNavjGSbYBNL780Iaw=3Qji -----END PGP SIGNATURE----- . Description:
This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements.
Security Fix(es):
- openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys (CVE-2018-0737)
- openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734)
- mod_auth_digest: access control bypass due to race condition (CVE-2019-0217)
- openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407)
- mod_session_cookie does not respect expiry time (CVE-2018-17199)
- mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189)
- mod_http2: possible crash on late upgrade (CVE-2019-0197)
- mod_http2: read-after-free on a string compare (CVE-2019-0196)
- nghttp2: HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511)
- nghttp2: HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513)
- mod_http2: HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516)
- mod_http2: HTTP/2: request for large response leads to denial of service (CVE-2019-9517)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. After installing the updated packages, the httpd daemon will be restarted automatically. Bugs fixed (https://bugzilla.redhat.com/):
1568253 - CVE-2018-0737 openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys 1644364 - CVE-2018-0734 openssl: timing side channel attack in the DSA signature algorithm 1645695 - CVE-2018-5407 openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) 1668493 - CVE-2018-17199 httpd: mod_session_cookie does not respect expiry time 1668497 - CVE-2018-17189 httpd: mod_http2: DoS via slow, unneeded request bodies 1695020 - CVE-2019-0217 httpd: mod_auth_digest: access control bypass due to race condition 1695030 - CVE-2019-0196 httpd: mod_http2: read-after-free on a string compare 1695042 - CVE-2019-0197 httpd: mod_http2: possible crash on late upgrade 1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames results in excessive resource consumption 1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service 1741864 - CVE-2019-9516 HTTP/2: 0-length headers lead to denial of service 1741868 - CVE-2019-9517 HTTP/2: request for large response leads to denial of service
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: ovmf security and enhancement update Advisory ID: RHSA-2019:2125-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:2125 Issue date: 2019-08-06 CVE Names: CVE-2017-5731 CVE-2017-5732 CVE-2017-5733 CVE-2017-5734 CVE-2017-5735 CVE-2018-3613 CVE-2018-5407 CVE-2018-12181 CVE-2019-0160 CVE-2019-0161 ==================================================================== 1. Summary:
An update for ovmf is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Server (v. 7) - noarch
- Description:
OVMF (Open Virtual Machine Firmware) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM.
Security Fix(es):
-
edk2: Privilege escalation via processing of malformed files in TianoCompress.c (CVE-2017-5731)
-
edk2: Privilege escalation via processing of malformed files in BaseUefiDecompressLib.c (CVE-2017-5732)
-
edk2: Privilege escalation via heap-based buffer overflow in MakeTable() function (CVE-2017-5733)
-
edk2: Privilege escalation via stack-based buffer overflow in MakeTable() function (CVE-2017-5734)
-
edk2: Privilege escalation via heap-based buffer overflow in Decode() function (CVE-2017-5735)
-
edk2: Logic error in MdeModulePkg in EDK II firmware allows for privilege escalation by authenticated users (CVE-2018-3613)
-
openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407)
-
edk2: Stack buffer overflow with corrupted BMP (CVE-2018-12181)
-
edk2: buffer overflows in PartitionDxe and UdfDxe with long file names and invalid UDF media (CVE-2019-0160)
-
edk2: stack overflow in XHCI causing denial of service (CVE-2019-0161)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1641433 - CVE-2018-3613 edk2: Logic error in MdeModulePkg in EDK II firmware allows for privilege escalation by authenticated users 1641442 - CVE-2017-5731 edk2: Privilege escalation via processing of malformed files in TianoCompress.c 1641446 - CVE-2017-5732 edk2: Privilege escalation via processing of malformed files in BaseUefiDecompressLib.c 1641450 - CVE-2017-5733 edk2: Privilege escalation via heap-based buffer overflow in MakeTable() function 1641458 - CVE-2017-5734 edk2: Privilege escalation via stack-based buffer overflow in MakeTable() function 1641465 - CVE-2017-5735 edk2: Privilege escalation via heap-based buffer overflow in Decode() function 1645695 - CVE-2018-5407 openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) 1686783 - CVE-2018-12181 edk2: Stack buffer overflow with corrupted BMP 1691640 - CVE-2019-0160 edk2: buffer overflows in PartitionDxe and UdfDxe with long file names and invalid UDF media 1694065 - CVE-2019-0161 edk2: stack overflow in XHCI causing denial of service
- Package List:
Red Hat Enterprise Linux Server (v. 7):
Source: ovmf-20180508-6.gitee3198e672e2.el7.src.rpm
noarch: OVMF-20180508-6.gitee3198e672e2.el7.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2017-5731 https://access.redhat.com/security/cve/CVE-2017-5732 https://access.redhat.com/security/cve/CVE-2017-5733 https://access.redhat.com/security/cve/CVE-2017-5734 https://access.redhat.com/security/cve/CVE-2017-5735 https://access.redhat.com/security/cve/CVE-2018-3613 https://access.redhat.com/security/cve/CVE-2018-5407 https://access.redhat.com/security/cve/CVE-2018-12181 https://access.redhat.com/security/cve/CVE-2019-0160 https://access.redhat.com/security/cve/CVE-2019-0161 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXUl2ZNzjgjWX9erEAQhKuA/+O5K7BxvCHuj1pDM/pezYzjBfOcdVKQWz L61IFKCy653XFNrw0fLFh8Er+/vkrlZD93rmGl9JqU4PmaeqO8Tofgw9d3XsuaI6 7hWuhyiYqjzkbRP+XZGQK3B8a8aY4a2uRMjNemo9nMjLTuEpkGWShxo6O0AGPuCG GLhV6PTqAmNaxQSqEIdzzBk/YTVx+/ElEKEAYINfhyFV/KLAJcEso/v9DwA0vRaR J0srktZqKHG0WZ8JUMGBT+iEfwsgWI/oZP2DdcUwALTtS8LiGsY6eUmhR6Hj7BBx DDazP8ihme8q1Z3sTZVb+s2O4/v76bFexY6Q+k5SkS9/Xs8kYan8twTXo+r3d8Hy AJBtCnUS8WQV3mXokvIjPtEWfzomcL0N2RYJlhFMFwO43LLUfBH2k7yq+4qQRPqC KJI/I0lqckFDPJcW1T5CPhzPmixGchWoJpMzxNI4axznXg5SeyEX0Rd2czsuCUA0 wPXmrt6VBpEReROhjY0707Wyaq65BZws9+E7CoXDjvKiobQ/yHUVmv1GdUDeHpH5 dhOU+BMp38VwPORp/hX/cbm+FIZyPZWBKtOF/fuPJ3VV8xKNyGZ4Igcr9AdHT9O+ nHDfz2bu3595ZdZlUMw5wMb3pvtT48dT1NAgwsvTWgts/p9tg/JqoD3DJkHQaDiG bSZXnvoCTGA=vpvG -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================== Ubuntu Security Notice USN-3840-1 December 06, 2018
openssl, openssl1.0 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in OpenSSL.
Software Description: - openssl: Secure Socket Layer (SSL) cryptographic library and tools - openssl1.0: Secure Socket Layer (SSL) cryptographic library and tools
Details:
Samuel Weiser discovered that OpenSSL incorrectly handled DSA signing. (CVE-2018-0734)
Samuel Weiser discovered that OpenSSL incorrectly handled ECDSA signing. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. This issue is known as "PortSmash". (CVE-2018-5407)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.10: libssl1.0.0 1.0.2n-1ubuntu6.1 libssl1.1 1.1.1-1ubuntu2.1
Ubuntu 18.04 LTS: libssl1.0.0 1.0.2n-1ubuntu5.2 libssl1.1 1.1.0g-2ubuntu4.3
Ubuntu 16.04 LTS: libssl1.0.0 1.0.2g-1ubuntu4.14
Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.27
After a standard system update you need to reboot your computer to make all the necessary changes
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0912", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "mysql enterprise backup", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "3.12.3" }, { "model": "enterprise linux server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.6" }, { "model": "mysql enterprise backup", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "4.1.2" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "6.14.4" }, { "model": "enterprise linux server tus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.6" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "8.0.0" }, { "model": "enterprise linux server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.2" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "10.0.0" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.2.0.0.0" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.56" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.57" }, { "model": "vm virtualbox", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "6.0.0" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.2" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.8" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "14.04" }, { "model": "application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.0.1" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.7" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "0.9.8" }, { "model": "nessus", "scope": "lt", "trust": 1.0, "vendor": "tenable", "version": "8.1.1" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.55" }, { "model": "openssl", "scope": "lt", "trust": 1.0, "vendor": "openssl", "version": "1.0.2q" }, { "model": "openssl", "scope": "gte", "trust": 1.0, "vendor": "openssl", "version": "1.0.2" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "18.04" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "16.04" }, { "model": "application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.0.0" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.6" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "8.11.4" }, { "model": "openssl", "scope": "lt", "trust": 1.0, "vendor": "openssl", "version": "1.1.0i" }, { "model": "api gateway", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.1.2.4.0" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.3.3" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "18.10" }, { "model": "tuxedo", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1.1.0.0" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.1" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.1" }, { "model": "openssl", "scope": "gte", "trust": 1.0, "vendor": "openssl", "version": "1.1.0" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1.0.5.0" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.6" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.3.0.0.0" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "10.9.0" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.4" }, { "model": "mysql enterprise backup", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "3.12.4" }, { "model": "openssl", "scope": "eq", "trust": 0.6, "vendor": "openssl", "version": "1.1.0h" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-201811-279" }, { "db": "NVD", "id": "CVE-2018-5407" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat,Gentoo", "sources": [ { "db": "CNNVD", "id": "CNNVD-201811-279" } ], "trust": 0.6 }, "cve": "CVE-2018-5407", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.4, "id": "CVE-2018-5407", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "LOW", "trust": 1.0, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.4, "id": "VHN-135438", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "LOW", "trust": 0.1, "vectorString": "AV:L/AC:M/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.0, "id": "CVE-2018-5407", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2018-5407", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201811-279", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-135438", "trust": 0.1, "value": "LOW" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-135438" }, { "db": "CNNVD", "id": "CNNVD-201811-279" }, { "db": "NVD", "id": "CVE-2018-5407" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on \u0027port contention\u0027. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. An information disclosure vulnerability exists in OpenSSL. This vulnerability stems from configuration errors in network systems or products during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information of the affected components. OpenSSL Security Advisory [12 November 2018]\n============================================\n\nMicroarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407)\n===================================================================================\n\nSeverity: Low\n\nOpenSSL ECC scalar multiplication, used in e.g. ECDSA and ECDH, has been shown\nto be vulnerable to a microarchitecture timing side channel attack. An attacker\nwith sufficient access to mount local timing attacks during ECDSA signature\ngeneration could recover the private key. \n\nThis issue does not impact OpenSSL 1.1.1 and is already fixed in the latest\nversion of OpenSSL 1.1.0 (1.1.0i). OpenSSL 1.0.2 is affected but due to the low\nseverity of this issue we are not creating a new release at this time. The 1.0.2\nmitigation for this issue can be found in commit b18162a7c. \n\nOpenSSL 1.1.0 users should upgrade to 1.1.0i. \n\nThis issue was reported to OpenSSL on 26th October 2018 by Alejandro Cabrera\nAldaya, Billy Brumley, Sohaib ul Hassan, Cesar Pereida Garcia and Nicola Tuveri. \n\nNote\n====\n\nOpenSSL 1.1.0 is currently only receiving security updates. Support for this\nversion will end on 11th September 2019. Users of this version should upgrade to\nOpenSSL 1.1.1. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20181112.txt\n\nNote: the online version of the advisory may be updated with additional details\nover time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/policies/secpolicy.html\n. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n[slackware-security] openssl (SSA:2018-325-01)\n\nNew openssl packages are available for Slackware 14.2 and -current to\nfix security issues. \n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.2q-i586-1_slack14.2.txz: Upgraded. \n For more information, see:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734\n (* Security fix *)\npatches/packages/openssl-solibs-1.0.2q-i586-1_slack14.2.txz: Upgraded. \n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1u-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1u-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1u-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1u-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1u-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1u-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1u-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1u-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-1.0.2q-i586-1_slack14.2.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-solibs-1.0.2q-i586-1_slack14.2.txz\n\nUpdated packages for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-1.0.2q-x86_64-1_slack14.2.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-solibs-1.0.2q-x86_64-1_slack14.2.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.1.1a-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.1.1a-i586-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.1.1a-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.1.1a-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 packages:\ne6d4b3a76383f9f253da4128ba23f269 openssl-1.0.1u-i486-1_slack14.0.txz\nc61d31a1751ae39af89d3fee0b54f0d8 openssl-solibs-1.0.1u-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n96be19e6a96c9beb5d3bbc55348fb483 openssl-1.0.1u-x86_64-1_slack14.0.txz\nb7a8fa2ebd16c8ae106fc1267bc29eca openssl-solibs-1.0.1u-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n099b960e62eaea5d1a639a61a2fabca7 openssl-1.0.1u-i486-1_slack14.1.txz\nb5d5219e05db97f63c4d6c389d6884fb openssl-solibs-1.0.1u-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\nfc96c87d76c9d1efd1290ac847fa7c7c openssl-1.0.1u-x86_64-1_slack14.1.txz\ne873b66f84f45ea34d028a3d524ce573 openssl-solibs-1.0.1u-x86_64-1_slack14.1.txz\n\nSlackware 14.2 packages:\nd5f0cc19451e9c7e3967820cf02a20c6 openssl-1.0.2q-i586-1_slack14.2.txz\n594ca80447baecd608a51083b12a26d9 openssl-solibs-1.0.2q-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 packages:\n943bb2f3259ccf97a1b8b25f5f511c30 openssl-1.0.2q-x86_64-1_slack14.2.txz\n0d45afe2487c47b283c06902c56e4559 openssl-solibs-1.0.2q-x86_64-1_slack14.2.txz\n\nSlackware -current packages:\n6f01f6dd0f40a12e473320386cfc8536 a/openssl-solibs-1.1.1a-i586-1.txz\n6e5a2ab2475a0d851376d12911b3c6b7 n/openssl-1.1.1a-i586-1.txz\n\nSlackware x86_64 -current packages:\neb4697703f1f4b81ad38e9247ab70dac a/openssl-solibs-1.1.1a-x86_64-1.txz\n12a10fd6bd2344b3e73106c8d5b9828c n/openssl-1.1.1a-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.2q-i586-1_slack14.2.txz openssl-solibs-1.0.2q-i586-1_slack14.2.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. Solution:\n\nFor information on upgrading Ansible Tower, reference the Ansible Tower\nUpgrade and Migration Guide:\nhttps://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/\nindex.html\n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. It is comprised of the Apache\nTomcat Servlet container, JBoss HTTP Connector (mod_cluster), the\nPicketLink Vault extension for Apache Tomcat, and the Tomcat Native\nlibrary. Bugs fixed (https://bugzilla.redhat.com/):\n\n1645695 - CVE-2018-5407 openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)\n1683804 - CVE-2019-1559 openssl: 0-byte record padding oracle\n1713275 - CVE-2019-0221 tomcat: XSS in SSI printenv\n1723708 - CVE-2019-10072 tomcat: HTTP/2 connection window exhaustion on write, incomplete fix of CVE-2019-0199\n\n5. \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1.1.0j-1~deb9u1. \n\nFor the detailed security status of openssl please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/openssl\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlwBuAcACgkQEMKTtsN8\nTjZbBw/+MOB5+pZbCHHXyH3IeD+yj+tSPvmNc3SCwdEtUxGXr0ZX7TKHfaLs/8s6\nUdto0K8a1FvjrcUQCfhnFpNcSAv9pxX13Fr6Pd560miIfAu9/5jAqiCufCoiz+xj\n45LNJGlaxxaFjgBGCitZSJA0Fc4SM6v5XFyJfR3kChdQ/3kGQbbMNAp16Fy3ZsxJ\nVXwviomUxmmmdvjxyhifTIpuwr9OiJSQ+13etQjTDQ3pzSbLBPSOxmpV0vPIC7I2\nDwa4zuQXA/DF4G6l8T4rXCwCN4e4pwbTc8bbCjXeZK+iVAhnRD6wXlS3cc5IVAzx\n/qTa89LZU8B6ylcB6nodeAHLuZTC3Le8ndoxYz5S2/jHZMM/jCQNHYJemHWNbOqn\nq+e5W0D1fIVLiLoL/iHW5XhN6yJY2Ma7zjXMRBnkzJA9CTNIKgUjrSFz0Ud+wIM/\nu8QhNPwZ0hPd5IfSgIyWqmuQ5XzFYqAQvwT1gUJiK7tIvuT0VsSyKVaSZVbi4yrM\n9sxkZaP1UNLcTVCFw6A0KFwhb9z6kQtyH1MRkFPphmnb8jlHA3cTdPJkFUBi3VaT\n7izThm5/mVLbAjZ8X7nkqnzWzmc885j0ml3slDd/MOVWB5CD3vFAcI8k3VZr3A61\nP2gNSN6UbAbLMGsxgs3hYUHgazi7MdXJ/aNavjGSbYBNL780Iaw=3Qji\n-----END PGP SIGNATURE-----\n. Description:\n\nThis release adds the new Apache HTTP Server 2.4.37 packages that are part\nof the JBoss Core Services offering. \n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack\nApache Server 2.4.29 and includes bug fixes and enhancements. \n\nSecurity Fix(es):\n\n* openssl: RSA key generation cache timing vulnerability in\ncrypto/rsa/rsa_gen.c allows attackers to recover private keys\n(CVE-2018-0737)\n* openssl: timing side channel attack in the DSA signature algorithm\n(CVE-2018-0734)\n* mod_auth_digest: access control bypass due to race condition\n(CVE-2019-0217)\n* openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures\n(PortSmash) (CVE-2018-5407)\n* mod_session_cookie does not respect expiry time (CVE-2018-17199)\n* mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189)\n* mod_http2: possible crash on late upgrade (CVE-2019-0197)\n* mod_http2: read-after-free on a string compare (CVE-2019-0196)\n* nghttp2: HTTP/2: large amount of data request leads to denial of service\n(CVE-2019-9511)\n* nghttp2: HTTP/2: flood using PRIORITY frames resulting in excessive\nresource consumption (CVE-2019-9513)\n* mod_http2: HTTP/2: 0-length headers leads to denial of service\n(CVE-2019-9516)\n* mod_http2: HTTP/2: request for large response leads to denial of service\n(CVE-2019-9517)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. After installing the updated\npackages, the httpd daemon will be restarted automatically. Bugs fixed (https://bugzilla.redhat.com/):\n\n1568253 - CVE-2018-0737 openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys\n1644364 - CVE-2018-0734 openssl: timing side channel attack in the DSA signature algorithm\n1645695 - CVE-2018-5407 openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)\n1668493 - CVE-2018-17199 httpd: mod_session_cookie does not respect expiry time\n1668497 - CVE-2018-17189 httpd: mod_http2: DoS via slow, unneeded request bodies\n1695020 - CVE-2019-0217 httpd: mod_auth_digest: access control bypass due to race condition\n1695030 - CVE-2019-0196 httpd: mod_http2: read-after-free on a string compare\n1695042 - CVE-2019-0197 httpd: mod_http2: possible crash on late upgrade\n1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames results in excessive resource consumption\n1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service\n1741864 - CVE-2019-9516 HTTP/2: 0-length headers lead to denial of service\n1741868 - CVE-2019-9517 HTTP/2: request for large response leads to denial of service\n\n6. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: ovmf security and enhancement update\nAdvisory ID: RHSA-2019:2125-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:2125\nIssue date: 2019-08-06\nCVE Names: CVE-2017-5731 CVE-2017-5732 CVE-2017-5733\n CVE-2017-5734 CVE-2017-5735 CVE-2018-3613\n CVE-2018-5407 CVE-2018-12181 CVE-2019-0160\n CVE-2019-0161\n====================================================================\n1. Summary:\n\nAn update for ovmf is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Server (v. 7) - noarch\n\n3. Description:\n\nOVMF (Open Virtual Machine Firmware) is a project to enable UEFI support\nfor Virtual Machines. This package contains a sample 64-bit UEFI firmware\nfor QEMU and KVM. \n\nSecurity Fix(es):\n\n* edk2: Privilege escalation via processing of malformed files in\nTianoCompress.c (CVE-2017-5731)\n\n* edk2: Privilege escalation via processing of malformed files in\nBaseUefiDecompressLib.c (CVE-2017-5732)\n\n* edk2: Privilege escalation via heap-based buffer overflow in MakeTable()\nfunction (CVE-2017-5733)\n\n* edk2: Privilege escalation via stack-based buffer overflow in MakeTable()\nfunction (CVE-2017-5734)\n\n* edk2: Privilege escalation via heap-based buffer overflow in Decode()\nfunction (CVE-2017-5735)\n\n* edk2: Logic error in MdeModulePkg in EDK II firmware allows for privilege\nescalation by authenticated users (CVE-2018-3613)\n\n* openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures\n(PortSmash) (CVE-2018-5407)\n\n* edk2: Stack buffer overflow with corrupted BMP (CVE-2018-12181)\n\n* edk2: buffer overflows in PartitionDxe and UdfDxe with long file names\nand invalid UDF media (CVE-2019-0160)\n\n* edk2: stack overflow in XHCI causing denial of service (CVE-2019-0161)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.7 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1641433 - CVE-2018-3613 edk2: Logic error in MdeModulePkg in EDK II firmware allows for privilege escalation by authenticated users\n1641442 - CVE-2017-5731 edk2: Privilege escalation via processing of malformed files in TianoCompress.c\n1641446 - CVE-2017-5732 edk2: Privilege escalation via processing of malformed files in BaseUefiDecompressLib.c\n1641450 - CVE-2017-5733 edk2: Privilege escalation via heap-based buffer overflow in MakeTable() function\n1641458 - CVE-2017-5734 edk2: Privilege escalation via stack-based buffer overflow in MakeTable() function\n1641465 - CVE-2017-5735 edk2: Privilege escalation via heap-based buffer overflow in Decode() function\n1645695 - CVE-2018-5407 openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)\n1686783 - CVE-2018-12181 edk2: Stack buffer overflow with corrupted BMP\n1691640 - CVE-2019-0160 edk2: buffer overflows in PartitionDxe and UdfDxe with long file names and invalid UDF media\n1694065 - CVE-2019-0161 edk2: stack overflow in XHCI causing denial of service\n\n6. Package List:\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\novmf-20180508-6.gitee3198e672e2.el7.src.rpm\n\nnoarch:\nOVMF-20180508-6.gitee3198e672e2.el7.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2017-5731\nhttps://access.redhat.com/security/cve/CVE-2017-5732\nhttps://access.redhat.com/security/cve/CVE-2017-5733\nhttps://access.redhat.com/security/cve/CVE-2017-5734\nhttps://access.redhat.com/security/cve/CVE-2017-5735\nhttps://access.redhat.com/security/cve/CVE-2018-3613\nhttps://access.redhat.com/security/cve/CVE-2018-5407\nhttps://access.redhat.com/security/cve/CVE-2018-12181\nhttps://access.redhat.com/security/cve/CVE-2019-0160\nhttps://access.redhat.com/security/cve/CVE-2019-0161\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXUl2ZNzjgjWX9erEAQhKuA/+O5K7BxvCHuj1pDM/pezYzjBfOcdVKQWz\nL61IFKCy653XFNrw0fLFh8Er+/vkrlZD93rmGl9JqU4PmaeqO8Tofgw9d3XsuaI6\n7hWuhyiYqjzkbRP+XZGQK3B8a8aY4a2uRMjNemo9nMjLTuEpkGWShxo6O0AGPuCG\nGLhV6PTqAmNaxQSqEIdzzBk/YTVx+/ElEKEAYINfhyFV/KLAJcEso/v9DwA0vRaR\nJ0srktZqKHG0WZ8JUMGBT+iEfwsgWI/oZP2DdcUwALTtS8LiGsY6eUmhR6Hj7BBx\nDDazP8ihme8q1Z3sTZVb+s2O4/v76bFexY6Q+k5SkS9/Xs8kYan8twTXo+r3d8Hy\nAJBtCnUS8WQV3mXokvIjPtEWfzomcL0N2RYJlhFMFwO43LLUfBH2k7yq+4qQRPqC\nKJI/I0lqckFDPJcW1T5CPhzPmixGchWoJpMzxNI4axznXg5SeyEX0Rd2czsuCUA0\nwPXmrt6VBpEReROhjY0707Wyaq65BZws9+E7CoXDjvKiobQ/yHUVmv1GdUDeHpH5\ndhOU+BMp38VwPORp/hX/cbm+FIZyPZWBKtOF/fuPJ3VV8xKNyGZ4Igcr9AdHT9O+\nnHDfz2bu3595ZdZlUMw5wMb3pvtT48dT1NAgwsvTWgts/p9tg/JqoD3DJkHQaDiG\nbSZXnvoCTGA=vpvG\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. ==========================================================================\nUbuntu Security Notice USN-3840-1\nDecember 06, 2018\n\nopenssl, openssl1.0 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 18.10\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. \n\nSoftware Description:\n- openssl: Secure Socket Layer (SSL) cryptographic library and tools\n- openssl1.0: Secure Socket Layer (SSL) cryptographic library and tools\n\nDetails:\n\nSamuel Weiser discovered that OpenSSL incorrectly handled DSA signing. (CVE-2018-0734)\n\nSamuel Weiser discovered that OpenSSL incorrectly handled ECDSA signing. This issue only affected Ubuntu\n18.04 LTS and Ubuntu 18.10. This issue is\nknown as \"PortSmash\". (CVE-2018-5407)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 18.10:\n libssl1.0.0 1.0.2n-1ubuntu6.1\n libssl1.1 1.1.1-1ubuntu2.1\n\nUbuntu 18.04 LTS:\n libssl1.0.0 1.0.2n-1ubuntu5.2\n libssl1.1 1.1.0g-2ubuntu4.3\n\nUbuntu 16.04 LTS:\n libssl1.0.0 1.0.2g-1ubuntu4.14\n\nUbuntu 14.04 LTS:\n libssl1.0.0 1.0.1f-1ubuntu2.27\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes", "sources": [ { "db": "NVD", "id": "CVE-2018-5407" }, { "db": "VULHUB", "id": "VHN-135438" }, { "db": "PACKETSTORM", "id": "169678" }, { "db": "PACKETSTORM", "id": "150437" }, { "db": "PACKETSTORM", "id": "152240" }, { "db": "PACKETSTORM", "id": "155414" }, { "db": "PACKETSTORM", "id": "155413" }, { "db": "PACKETSTORM", "id": "150860" }, { "db": "PACKETSTORM", "id": "150561" }, { "db": "PACKETSTORM", "id": "155416" }, { "db": "PACKETSTORM", "id": "153887" }, { "db": "PACKETSTORM", "id": "150683" } ], "trust": 1.89 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-135438", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-135438" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-5407", "trust": 2.7 }, { "db": "TENABLE", "id": "TNS-2018-17", "trust": 1.7 }, { "db": "TENABLE", "id": "TNS-2018-16", "trust": 1.7 }, { "db": "BID", "id": "105897", "trust": 1.7 }, { "db": "EXPLOIT-DB", "id": "45785", "trust": 1.7 }, { "db": "PACKETSTORM", "id": "152084", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-201811-279", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "155414", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.0514", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.4293", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.0644.2", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.4405", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.0696", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.0811", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.0481", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0529", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.3390.4", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "155413", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "152240", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "150138", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "152241", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "152071", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "155415", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-135438", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "169678", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "150437", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "150860", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "150561", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "155416", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "153887", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "150683", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-135438" }, { "db": "PACKETSTORM", "id": "169678" }, { "db": "PACKETSTORM", "id": "150437" }, { "db": "PACKETSTORM", "id": "152240" }, { "db": "PACKETSTORM", "id": "155414" }, { "db": "PACKETSTORM", "id": "155413" }, { "db": "PACKETSTORM", "id": "150860" }, { "db": "PACKETSTORM", "id": "150561" }, { "db": "PACKETSTORM", "id": "155416" }, { "db": "PACKETSTORM", "id": "153887" }, { "db": "PACKETSTORM", "id": "150683" }, { "db": "CNNVD", "id": "CNNVD-201811-279" }, { "db": "NVD", "id": "CVE-2018-5407" } ] }, "id": "VAR-201811-0912", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-135438" } ], "trust": 0.01 }, "last_update_date": "2024-11-29T20:09:49.337000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-200", "trust": 1.1 }, { "problemtype": "CWE-203", "trust": 1.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-135438" }, { "db": "NVD", "id": "CVE-2018-5407" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://access.redhat.com/errata/rhsa-2019:3931" }, { "trust": 2.3, "url": "http://www.securityfocus.com/bid/105897" }, { "trust": 2.3, "url": "https://access.redhat.com/errata/rhsa-2019:0483" }, { "trust": 2.3, "url": "https://access.redhat.com/errata/rhsa-2019:3929" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2019:0652" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2019:2125" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2019:3933" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2019:3935" }, { "trust": 1.7, "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/" }, { "trust": 1.7, "url": "https://security.netapp.com/advisory/ntap-20181126-0001/" }, { "trust": 1.7, "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { "trust": 1.7, "url": "https://www.tenable.com/security/tns-2018-16" }, { "trust": 1.7, "url": "https://www.tenable.com/security/tns-2018-17" }, { "trust": 1.7, "url": "https://www.debian.org/security/2018/dsa-4348" }, { "trust": 1.7, "url": "https://www.debian.org/security/2018/dsa-4355" }, { "trust": 1.7, "url": "https://www.exploit-db.com/exploits/45785/" }, { "trust": 1.7, "url": "https://security.gentoo.org/glsa/201903-10" }, { "trust": 1.7, "url": "https://eprint.iacr.org/2018/1060.pdf" }, { "trust": 1.7, "url": "https://github.com/bbbrumley/portsmash" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "trust": 1.7, "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "trust": 1.7, "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "trust": 1.7, "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html" }, { "trust": 1.7, "url": "https://access.redhat.com/errata/rhsa-2019:0651" }, { "trust": 1.7, "url": "https://access.redhat.com/errata/rhsa-2019:3932" }, { "trust": 1.7, "url": "https://usn.ubuntu.com/3840-1/" }, { "trust": 1.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5407" }, { "trust": 1.0, "url": "https://support.f5.com/csp/article/k49711130?utm_source=f5support\u0026amp%3butm_medium=rss" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0734" }, { "trust": 0.6, "url": "https://support.f5.com/csp/article/k49711130?utm_source=f5support\u0026utm_medium=rss" }, { "trust": 0.6, "url": "https://support.symantec.com/us/en/article.symsa1490.html" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1096270" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1106139" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1106487" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1106553" }, { "trust": 0.6, "url": "http://www.ibm.com/support/docview.wss" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/75658" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0696" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/76338" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-tivoli-netcool-system-service-monitors-application-service-monitors-cve-2018-5407cve-2020-1967cve-2018-0734cve-2019-1563cve-2019/" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1106493" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/155414/red-hat-security-advisory-2019-3935-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.4405/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0529/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/152084/gentoo-linux-security-advisory-201903-10.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.4293/" }, { "trust": 0.6, "url": "https://www.ibm.com/support/docview.wss?uid=ibm10869830" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/77062" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1143442" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1118487" }, { "trust": 0.6, "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10870936" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3390.4/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-spectrum-protect-plus-cve-2018-0735-cve-2018-0734-cve-2018-5407/" }, { "trust": 0.6, "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10873310" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/75802" }, { "trust": 0.5, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2018-5407" }, { "trust": 0.5, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.4, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0737" }, { "trust": 0.4, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.3, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9513" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9511" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9517" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0197" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-17199" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-17189" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9517" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-0737" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-17199" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9516" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9513" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-0217" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0217" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-0197" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-17189" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9516" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-0196" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0196" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-0734" }, { "trust": 0.2, "url": "https://www.debian.org/security/faq" }, { "trust": 0.2, "url": "https://www.debian.org/security/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0732" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0735" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://support.f5.com/csp/article/k49711130?utm_source=f5support\u0026amp;amp;utm_medium=rss" }, { "trust": 0.1, "url": "https://www.openssl.org/policies/secpolicy.html" }, { "trust": 0.1, "url": "https://www.openssl.org/news/secadv/20181112.txt" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0734" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5407" }, { "trust": 0.1, "url": "http://slackware.com" }, { "trust": 0.1, "url": "http://osuosl.org)" }, { "trust": 0.1, "url": "http://slackware.com/gpg-key" }, { "trust": 0.1, "url": "https://docs.ansible.com/ansible-tower/latest/html/release-notes/index.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3838" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3838" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3835" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3835" }, { "trust": 0.1, "url": "https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10072" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0221" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-1559" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-1559" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0221" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10072" }, { "trust": 0.1, "url": "https://security-tracker.debian.org/tracker/openssl1.0" }, { "trust": 0.1, "url": "https://security-tracker.debian.org/tracker/openssl" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5731" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3613" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5735" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0160" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12181" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-5734" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-12181" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0161" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-5731" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-5733" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5732" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5734" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0160" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-5732" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-5735" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5733" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-3613" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0161" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.1.1-1ubuntu2.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.14" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.27" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.1.0g-2ubuntu4.3" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/usn/usn-3840-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl1.0/1.0.2n-1ubuntu6.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl1.0/1.0.2n-1ubuntu5.2" } ], "sources": [ { "db": "VULHUB", "id": "VHN-135438" }, { "db": "PACKETSTORM", "id": "169678" }, { "db": "PACKETSTORM", "id": "150437" }, { "db": "PACKETSTORM", "id": "152240" }, { "db": "PACKETSTORM", "id": "155414" }, { "db": "PACKETSTORM", "id": "155413" }, { "db": "PACKETSTORM", "id": "150860" }, { "db": "PACKETSTORM", "id": "150561" }, { "db": "PACKETSTORM", "id": "155416" }, { "db": "PACKETSTORM", "id": "153887" }, { "db": "PACKETSTORM", "id": "150683" }, { "db": "CNNVD", "id": "CNNVD-201811-279" }, { "db": "NVD", "id": "CVE-2018-5407" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-135438" }, { "db": "PACKETSTORM", "id": "169678" }, { "db": "PACKETSTORM", "id": "150437" }, { "db": "PACKETSTORM", "id": "152240" }, { "db": "PACKETSTORM", "id": "155414" }, { "db": "PACKETSTORM", "id": "155413" }, { "db": "PACKETSTORM", "id": "150860" }, { "db": "PACKETSTORM", "id": "150561" }, { "db": "PACKETSTORM", "id": "155416" }, { "db": "PACKETSTORM", "id": "153887" }, { "db": "PACKETSTORM", "id": "150683" }, { "db": "CNNVD", "id": "CNNVD-201811-279" }, { "db": "NVD", "id": "CVE-2018-5407" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-11-15T00:00:00", "db": "VULHUB", "id": "VHN-135438" }, { "date": "2018-11-12T12:12:12", "db": "PACKETSTORM", "id": "169678" }, { "date": "2018-11-22T23:23:23", "db": "PACKETSTORM", "id": "150437" }, { "date": "2019-03-27T00:33:09", "db": "PACKETSTORM", "id": "152240" }, { "date": "2019-11-20T23:02:22", "db": "PACKETSTORM", "id": "155414" }, { "date": "2019-11-20T20:32:22", "db": "PACKETSTORM", "id": "155413" }, { "date": "2018-12-20T15:05:22", "db": "PACKETSTORM", "id": "150860" }, { "date": "2018-12-03T21:06:37", "db": "PACKETSTORM", "id": "150561" }, { "date": "2019-11-20T20:55:55", "db": "PACKETSTORM", "id": "155416" }, { "date": "2019-08-06T20:47:00", "db": "PACKETSTORM", "id": "153887" }, { "date": "2018-12-07T01:03:36", "db": "PACKETSTORM", "id": "150683" }, { "date": "2018-11-12T00:00:00", "db": "CNNVD", "id": "CNNVD-201811-279" }, { "date": "2018-11-15T21:29:00.233000", "db": "NVD", "id": "CVE-2018-5407" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-09-18T00:00:00", "db": "VULHUB", "id": "VHN-135438" }, { "date": "2022-03-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201811-279" }, { "date": "2024-11-21T04:08:45.530000", "db": "NVD", "id": "CVE-2018-5407" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "PACKETSTORM", "id": "169678" }, { "db": "PACKETSTORM", "id": "150860" }, { "db": "PACKETSTORM", "id": "150561" }, { "db": "CNNVD", "id": "CNNVD-201811-279" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL Information disclosure vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-201811-279" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "information disclosure", "sources": [ { "db": "CNNVD", "id": "CNNVD-201811-279" } ], "trust": 0.6 } }
ghsa-3rjg-j575-7f6p
Vulnerability from github
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
{ "affected": [], "aliases": [ "CVE-2018-5407" ], "database_specific": { "cwe_ids": [ "CWE-203" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2018-11-15T21:29:00Z", "severity": "MODERATE" }, "details": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on \u0027port contention\u0027.", "id": "GHSA-3rjg-j575-7f6p", "modified": "2022-05-13T01:16:10Z", "published": "2022-05-13T01:16:10Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5407" }, { "type": "WEB", "url": "https://www.tenable.com/security/tns-2018-17" }, { "type": "WEB", "url": "https://www.tenable.com/security/tns-2018-16" }, { "type": "WEB", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "type": "WEB", "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { "type": "WEB", "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "type": "WEB", "url": "https://www.exploit-db.com/exploits/45785" }, { "type": "WEB", "url": "https://www.debian.org/security/2018/dsa-4355" }, { "type": "WEB", "url": "https://www.debian.org/security/2018/dsa-4348" }, { "type": "WEB", "url": "https://usn.ubuntu.com/3840-1" }, { "type": "WEB", "url": "https://support.f5.com/csp/article/K49711130?utm_source=f5support\u0026amp;utm_medium=RSS" }, { "type": "WEB", "url": "https://security.netapp.com/advisory/ntap-20181126-0001" }, { "type": "WEB", "url": "https://security.gentoo.org/glsa/201903-10" }, { "type": "WEB", "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases" }, { "type": "WEB", "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html" }, { "type": "WEB", "url": "https://github.com/bbbrumley/portsmash" }, { "type": "WEB", "url": "https://eprint.iacr.org/2018/1060.pdf" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2019:3935" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2019:3933" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2019:3932" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2019:3931" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2019:3929" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2019:2125" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2019:0652" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2019:0651" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2019:0483" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/105897" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "type": "CVSS_V3" } ] }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.